I initially send an http request to the server, as shown:

> GET /start.htm HTTP/1.1
> Host: router
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060605 SeaMonkey/1.5a
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
>

The server responds:

> HTTP/1.0 401 Unauthorized
> Server: IP_SHARER WEB 1.0
> WWW-Authenticate: Basic realm="MR814v2"
> Content-type: text/html
> 
> 401 Unauthorized
> 

At this point, I am prompted for my master password.  When I give it,
a basic auth dialog appears that is filled in with the user name and 
password information stored for this server.  When I click OK, the 
following request is sent.

> GET /start.htm HTTP/1.1
> Host: router
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060605 SeaMonkey/1.5a
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Authorization: Basic dXNlcjpwYXNzd29yZA0K
> 

(Note, that authorization data is faked here in this log, not my real data.)
And it receives the following response from the server:

> HTTP/1.0 200 OK
> Server: IP_SHARER WEB 1.0
> Content-type: text/html
> 
> html>
> <head>
> <meta name="description" content="MR814v2 2022"> 
[SNIPPED]

Several more requests and responses occur immediately, all AOK.  e.g.

> GET /menu.htm HTTP/1.1
> Host: router
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060605 SeaMonkey/1.5a
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://router/start.htm
> Authorization: Basic dXNlcjpwYXNzd29yZA0K
> 

which gets this response

> HTTP/1.0 200 OK
> Server: IP_SHARER WEB 1.0
> Content-type: text/html
> 
> <html>
> <head>
> <meta name="description" content="MR814v2 2022"> [SNIPPED]

Then I wait 10 minutes, and click a link on the 10 minute old web page.
That sends this request:

> GET /s_status.htm HTTP/1.1
> Host: router
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060605 SeaMonkey/1.5a
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Referer: http://router/menu.htm
> Authorization: Basic dXNlcjpwYXNzd29yZA0K
>

And I get this response:

> HTTP/1.0 401 Unauthorized
> Server: IP_SHARER WEB 1.0
> WWW-Authenticate: Basic realm="MR814v2"
> Content-type: text/html
> 
> <html><head><meta http-equiv='Pragma' content='no-cache'>
> <meta http-equiv='Cache-Control' content='no-cache'>
> <title> Authorization warning</title>
> <script language="javascript" type="text/javascript">
> function cancelevent(){document.formname.submit();}</script></head>
> <body onload=cancelevent()>
> <form name="formname" action="ptimeout.cgi" method="POST">
> <b>401 Unauthorized</b>
> <input type="hidden" name="inputname" value=""></form></body></html>

At this point, the basic auth dialog appears again, but this time,
it is not filled in.  No user name, no password.  
An inspection of the set of saved passwords shows that the user name
and password for this server have already been removed from the list,
already forgotten.  No getting them back.