One way to handle logout (without closing the browser) is to have a logout link with a destination of "https://bad_username:email@example.com". I believe this causes the browser to forget the original (valid) credentials and attempt authentication with the invalid credentials. This will fail, and produce a new login prompt. Then you have to close the prompt, and close the subsequent "401" page.
So yeah, it is awkward.