if I may take the liberty to comment to this…
Glad to hear IPFire being useful.
As @bonnietwin already wrote, HTTP Basic Authentication is rather limited when it comes to logout functionality. It does not submit login credentials via a POST request, but via an HTTP header, though.
Since it is simple and pretty robust in terms of security - apart from possible vulnerabilities in Apache, there is little pre-authentication attack surface -, we would not want to change this unless desperately necessary.
@pic18f2550: Since you must not close your browser nor use a dedicated PC to administer IPFire, could Qubes OS be a solution? That way, you could have one browser instance running for IPFire, and another one in a different VM for the other application. The network won’t notice a difference, since the VM traffic is NATted to one IP address.
Just my two cents on this…
Thanks, and best regards,