Fixed the basic auth logout by using the ://foo@hostname... workaround.

Added support for ?destination=... so that login or logout will return to previous visited page.
Revisited the sending of generic response such as access denied, unauthorized, redirection ...
Fixed support of CMS_RESPONSE.header which was  previously ignored.
Added support for CMS_RESPONSE.redirection: detachable READABLE_STRING_8, to allow easy url redirection.
Added CMS_NODE.make_empty
+ Cosmetic.

src/modules/basic_auth/basic_auth_module.e

@@ -1,5 +1,8 @@
 note
-	description: "This module allows the use of HTTP Basic Authentication to restrict access by looking up users in the given providers."
+	description: "[
+			This module allows the use of HTTP Basic Authentication to restrict access
+			by looking up users in the given providers.
+		]"
 	date: "$Date: 2015-02-09 22:29:56 +0100 (lun., 09 févr. 2015) $"
 	revision: "$Revision: 96596 $"
 
@@ -82,7 +85,7 @@ feature -- Hooks configuration
 			-- Module hooks configuration.
 		do
 --			a_response.subscribe_to_block_hook (Current)
-		end 
+		end
 
 feature -- Hooks
 
@@ -107,9 +110,9 @@ feature -- Hooks
 			lnk: CMS_LOCAL_LINK
 		do
 			if attached a_response.current_user (a_response.request) as u then
-				create lnk.make ("Logout", "/basic_auth_logoff")
+				create lnk.make (u.name +  " (Logout)", "/basic_auth_logoff?destination=" + a_response.request.request_uri)
 			else
-				create lnk.make ("Login", "/basic_auth_login")
+				create lnk.make ("Login", "/basic_auth_login?destination=" + a_response.request.request_uri)
 			end
 --			if not a_menu_system.primary_menu.has (lnk) then
 				lnk.set_weight (99)

src/modules/basic_auth/handler/basic_auth_login_handler.e

@@ -50,11 +50,21 @@ feature -- HTTP Methods
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth login", Void)
 			if attached {STRING_32} current_user_name (req) as l_user then
-				(create {CMS_GENERIC_RESPONSE}).new_response_redirect (req, res, req.absolute_script_url("/"))
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					 redirect_to (req.absolute_script_url (l_uri.url_encoded_value), res)
+				else
+					redirect_to (req.absolute_script_url ("/"), res)
+				end
 			else
-				(create {CMS_GENERIC_RESPONSE}).new_response_authenticate (req, res)
+				send_basic_authentication_challenge (Void, res)
 			end
 		end
 
+feature -- Helpers
+
+	send_basic_authentication_challenge (a_realm: detachable READABLE_STRING_8; res: WSF_RESPONSE)
+		do
+			res.send (create {CMS_UNAUTHORIZED_RESPONSE_MESSAGE}.make_with_basic_auth_challenge (a_realm))
+		end
 
 end

src/modules/basic_auth/handler/basic_auth_logoff_handler.e

@@ -45,13 +45,29 @@ feature -- HTTP Methods
 			-- <Precursor>
 		local
 			l_page: CMS_RESPONSE
+			l_url: STRING
+			i: INTEGER
 		do
 			api.logger.put_information (generator + ".do_get Processing basic auth logoff", Void)
 			if attached req.query_parameter ("prompt") as l_prompt then
-				(create {CMS_GENERIC_RESPONSE}).new_response_unauthorized (req, res)
+				unset_current_user (req)
+				send_access_denied (res)
 			else
 				create {GENERIC_VIEW_CMS_RESPONSE} l_page.make (req, res, api)
-				l_page.set_status_code ({HTTP_STATUS_CODE}.unauthorized)
+				unset_current_user (req)
+				l_page.set_status_code ({HTTP_STATUS_CODE}.found) -- Note: can not use {HTTP_STATUS_CODE}.unauthorized for redirection
+				if attached {WSF_STRING} req.query_parameter ("destination") as l_uri then
+					l_url := req.absolute_script_url (l_uri.url_encoded_value)
+				else
+					l_url := req.absolute_script_url ("")
+				end
+				i := l_url.substring_index ("://", 1)
+				if i > 0 then
+						-- Note: this is a hack to have the logout effective on various browser
+						-- (firefox requires this).
+					l_url.replace_substring ("://_logout_basic_auth_@", i, i + 2)
+				end
+				l_page.set_redirection (l_url)
 				l_page.execute
 			end
 		end