A log out button would enable users to log out of the manager application and end the associated session without having to close the browser window.
Only because this is Mark, i won't mark as WONTFIX. Patches are always welcome :). This can't really be done cleanly, since the Manager webapp uses BASIC auth. There is no way that I know of to tell the browser to stop sending the credentials with each request. As a result, there is no way for the webapp to know that the user hasn't logged back in. This is largely why the "logoff" feature was dropped from the servlet spec. I haven't tested it, but a really dirty hack might be to send a 401 response to the logoff, and count on the user to hit the cancel button.
A couple of options are: 1) Display a page that tells the user to close the browser. 2) Close the browser 3) A variation of http://trac-hacks.org/wiki/TrueHttpLogoutPatch 4) Display a page that tells the user to close the browser to be 100% but tries the ideas in 3 anyway. I like 2 along with a short warning near the ogout button the closing the browser is the only guaranteed way to logoff. Simple and known to work. I might look at this in the next several weeks.
If memory serves me correctly, CSRF was the driver behind this and Tomcat 7 now has CSRF protection built in to the manager app. Given that: I was the one requesting this; no one else has requested it; and the CSRF protection makes it unnecessary, I am closing this as won't fix.
Changing WONTFIX status to DUPLICATE of bug 62048. *** This bug has been marked as a duplicate of bug 62048 ***