this is the code in wwprocess
FUNCTION Authenticate(lcValidUserName,lcErrorMessage,llNoForcedLogin)
LOCAL lcUsername, lcPassword, lcErrorMsg, loLogin, lcHtml, lcCurrentUrl
IF EMPTY(lcValidUserName)
lcValidUserName = ""
ENDIF
DO CASE
CASE UPPER(lcValidUserName) = "LOGOUT"
IF THIS.cAuthenticationMode == "UserSecurity"
THIS.lEnableSessionState = .T. && ensure that session exists
Session.SetSessionVar(this.cAuthenticationUserSecurityKey,"")
*** Expire cookie
this.oResponse.AddCookie(this.cSessionKey,"","/",MimeDateTime(DATE()-1))
RETURN .T.
ELSE
*** Clear authorization header
Response.AddHeader("Authorization","") <<<------------------------------------
ENDIF
CASE THIS.cAuthenticationMode == "UserSecurity" OR ;
this.cAuthenticationMode == "Custom"