
HTTP authentication logout via PHP

Updated: 2021-10-09 21:46:33

Mu. No correct way exists, not even one that's consistent across browsers.

This is a problem that comes from the HTTP specification (section 15.6):

Existing HTTP clients and user agents typically retain authentication information indefinitely. HTTP/1.1. does not provide a method for a server to direct clients to discard these cached credentials.

On the other hand, section 10.4.2 says:

If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information.

In other words, you may be able to show the login box again (as @Karsten says), but the browser doesn't have to honor your request - so don't depend on this (mis)feature too much.
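
A best-effort PHP sketch of the 401 re-challenge described above, added here as an illustration and not part of the original answer. The realm name, the demo account and the `?logout` parameter are assumptions; the server only records the logout in its own session, so a browser that drops the session cookie but keeps its cached credentials is let back in, which is the limitation the answer points out.

```php
<?php
declare(strict_types=1);
// Added example: realm, demo account and the ?logout parameter are assumptions.
const REALM = 'Example Area';
const USERS = ['alice' => 'constructed-password']; // constructed; real code stores hashes

// Send the Basic challenge. The body matters: per 10.4.2 the browser may show
// this entity to the user instead of opening the login box again.
function challenge(string $message): void
{
    http_response_code(401);
    header('WWW-Authenticate: Basic realm="' . REALM . '"');
    header('Content-Type: text/plain; charset=utf-8');
    header('Cache-Control: no-store');
    echo $message, "\n";
    exit;
}

function credentialsValid(): bool
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
    $expected = USERS[$user] ?? '';
    // Constant-time comparison; an unknown user never matches.
    return $expected !== '' && hash_equals($expected, $pass);
}

session_start();

if (isset($_GET['logout'])) {
    // The server cannot empty the browser's credential cache. It can only
    // remember, in its own session, to refuse the next credentials once.
    $_SESSION['force_reauth'] = true;
    header('Content-Type: text/plain; charset=utf-8');
    echo "Logged out. Close the browser to be sure the credentials are gone.\n";
    exit;
}

if (!empty($_SESSION['force_reauth'])) {
    // First request after logout: refuse even valid, cached credentials.
    unset($_SESSION['force_reauth']);
    challenge('You logged out. Reload and sign in again.');
}

if (!credentialsValid()) {
    challenge('Authentication required.');
}

echo 'Hello, ', htmlspecialchars($_SERVER['PHP_AUTH_USER']), "\n";
```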