
Seaside FAQ: HTTP Basic Authentication

This is not a complete how-to for setting up HTTP Basic Authentication in Seaside. It explains how to prevent browsers from reusing an HTTP Basic Authentication login/password for different sessions or entry points, and thereby implements logout.

Create your own subclass of the main class (the one you set in the entry point configuration) if you don't have one already, and add an instance variable that records whether this is the first auth attempt. Then use the variable in YourMainClass>>verifyPassword:forUser:

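verifyPassword: pass forUser: user
    "Fail the first attempt in each session so the browser has to prompt again
     instead of silently replaying cached credentials."
    (isFirstAuth ifNil: [true]) ifTrue: [isFirstAuth := false. ^ false].
    ^ super verifyPassword: pass forUser: user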

You also need to force a redirect on a new session, so that the session key is inserted into the URL and you get the same session again on subsequent requests (otherwise a new session is created for every request and the above code never gets past the first auth check). In YourMainClass>>start: change the creation of the render loop like this:

start: aRequest
  (WARenderLoop new root: self createRoot) redirect; run

-Courtesy of Radoslav Hodnicak
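
The request flow described above, as an added Python model that is not part of the original tip and is not Seaside code: it shows why the first-attempt rejection only works once the redirect puts the session key into the URL, and why dropping the session acts as logout. The class and function names, the 302/401/200 flow and the admin/s3cret account are assumptions constructed for the illustration.

```python
import base64
import secrets

USERS = {"admin": "s3cret"}  # constructed test account

class Session:
    def __init__(self):
        self.is_first_auth = True  # plays the role of isFirstAuth

    def verify(self, user, password):
        if self.is_first_auth:     # reject whatever the browser replays first
            self.is_first_auth = False
            return False
        expected = USERS.get(user)
        return expected is not None and secrets.compare_digest(
            expected.encode(), password.encode())

class App:
    def __init__(self, redirect_new_sessions):
        self.redirect_new_sessions = redirect_new_sessions
        self.sessions = {}

    def handle(self, key, authorization):
        """Return (status, session key the browser will send next)."""
        session = self.sessions.get(key)
        if session is None:
            key = secrets.token_hex(8)
            session = self.sessions[key] = Session()
            if self.redirect_new_sessions:
                return 302, key    # Location header carries the new key
            key = None             # no redirect: the browser never learns it
        if not (authorization or "").startswith("Basic "):
            return 401, key
        raw = base64.b64decode(authorization[6:]).decode()
        user, _, password = raw.partition(":")
        return (200 if session.verify(user, password) else 401), key

def browse(app, attempts, key=None):
    """Send valid cached credentials `attempts` times, following redirects."""
    header = "Basic " + base64.b64encode(b"admin:s3cret").decode()
    statuses = []
    for _ in range(attempts):
        status, key = app.handle(key, header)
        if status == 302:
            status, key = app.handle(key, header)
        statuses.append(status)
    return statuses, key
```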
