How to clear basic authentication details in chrome

Question

I'm working on a site that uses basic authentication. Using Chrome I've logged in using the basic auth. I now want to remove the basic authentication details from the browser and try a different login.

How do you clear the current basic authentication details when using Chrome?

Oh, this pisses me of as well. Firefox behaves similarly by the way, and that's crazy. — shabunc, May 01 '14 at 09:22
@shabunc similarly, but not identical, and yes i agree with you completely! — Michael, Dec 16 '14 at 16:56
you can implement in with some request param like ?no_auth that server understands and returns 401, so that chrome will forget remembered auth info. — ravshansbox, Jan 11 '17 at 13:03
The accepted answer no longer works as of Chrome 65. Use [the chrome://restart answer](https://stackoverflow.com/a/40364665/403527) instead. — Bob, May 23 '18 at 17:46
This problem is HTTP-related, not Chrome-related: see https://stackoverflow.com/q/233507/685806 — Pino, Nov 20 '19 at 14:09
"unless you figure out how to clear the creds, anyone using the computer after you is also logged in" brilliant security decision, http people. Just brilliant. — ahnbizcad, Sep 06 '21 at 01:40
Ok but how do you make chrome REMEMBER basic auth credentials? — gyozo kudor, Feb 10 '22 at 07:39

score 291 · Accepted Answer · edited May 23 '17 at 12:34

291

It seems chrome will always show you the login prompt if you include a username in the url e.g.

http://me@example.com

This is not a real full solution, see Mike's comment below.

edited May 23 '17 at 12:34

Community

1
1

answered Jun 03 '11 at 08:58

opsb

29,325
19
89
99

Works fine for me in Chrome 19. – Mike Shulman Jun 06 '12 at 16:15
27

After I did this in Chrome 21, I found it started always asking for the password, instead of never. Apparently, it will hide the "username@" part in the URL, but still keep it. If you re-enter the URL after doing this (without the @ part), it will stop asking. Just a tip! – Mike Caron Sep 01 '12 at 02:48
This worked for Chrome 27.0.1453.116 using Windows Domain credentials. Thanks! – styfle Jun 24 '13 at 18:14
4

Doesn't work for me in Chrome 28 on Mac. If I log in with one user then put a different user in the URL, it seems to use the old user and password. – Jason Jul 27 '13 at 18:47
Works with Chrome 29.0.1547.66 on windows 7. But I think there is some interaction with the cache and that's why it seems to randomly work or fail for people. It didn't work for me until I emptied the cache ; didn't have to restart chrome or close any tab. – vincent Nov 26 '13 at 16:52
Works perfect on 31, helps to cancel authorization for certain website. – pronebird Dec 12 '13 at 00:41
Works on 32.. Major fail on chromes part for not saving some sort of cookie for the site, so that clearing cache and cookies would result in a re-prompt. They could also trigger a re-prompt after 3 403 errors.. it took me 15 minutes to find this fix. – SgtPooki Jan 29 '14 at 16:58
1

On 35 it works if you do type the "username@" url, enter, then clic on url, enter again ! Weird... The first attempt seems to clean the creds, then requesting again (not with f5) will ask for them. – Sbu Jun 20 '14 at 17:36
For me, this method forces the dialog to be displayed, but my previous username/password is already prefilled in. This allows me to try a different username/password, but doesn't let me clear the username/password (if I put in a wrong user/pwd then it pops up immediately with my original u/p still prefilled). – EoghanM Jul 15 '14 at 14:57
I've had an old Basic Authentication credential set stuck in Chrome for a while now. I've deleted saved passwords, cookies, etc. But I could never get it to present the login prompt until I loaded the site 1 time using anyname@domain.com. Thanks to you my headaches are over! – sholsinger Nov 19 '14 at 02:09
1

Works on localhost as well. All I found, like @SimonBudin is that requesting the URL once with "user@" clears the credentials (but no prompt). Then requesting the second time with just the regular URL brings up the prompt. – codemonkey Apr 07 '16 at 10:43
2

I couldn't get this to work for me until I included the password also (user:password@domain.com). I used the new user/password I was trying to login as and it worked. (In my case I had to urlencode the password, also.) – Cary Apr 14 '16 at 21:07
Works - even though I also had to enter the password in the URL, otherwise backend would just get empty password (no prompt). Is there really not a Chrome dev function, plugin or anything that will just clear the cached basic auth data?!? – mmey Oct 30 '17 at 12:07
2

In Chrome 63, Windows 10, this worked only the first time. I tried this trick and many variants, like including a password, to no avail. The only thing that works consistently for me is using incognito windows - see respose https://stackoverflow.com/a/9558863/4142084 below. – Raul Santelices Jan 24 '18 at 15:18
3

This used to work a few months ago. Now, with Chrome 65, it does not. – Leif Mar 26 '18 at 10:02
2

This stopped working in Chrome 65. Use [this answer](https://stackoverflow.com/a/40364665/403527) instead. – Bob May 23 '18 at 17:43
I noticed it will not work if the url contains resources. If the url is `http://mywebsite.com/resources/`, it **will not work** if I enter `http://wrong@mywebsite.com/resources/`, but **will work** if I enter only `http://wrong@mywebsite.com/` – Libin Varghese Oct 30 '20 at 15:33

CEGRD · Answer 2 · 2016-10-10T14:55:29.153

250

You can open an incognito window Ctrl+Shift+n each time you are doing a test. The incognito window will not remember the username and password the last time you entered.

To use this trick, make sure to close all incognito windows. All incognito windows share the same cache. In other words, you cannot open multiple independent incognito windows. If you login in one of them and open another one, those two are related and you will see that the new window remembers the authentication information from the first window.

edited Oct 10 '16 at 14:55

answered Mar 04 '12 at 21:13

CEGRD

7,787
5
25
35

10

sweet, thanks, I tried clearing ALL my browser data, closing and reopening chrome, and it still did not ask for auth details. Opening an incognito window worked :) – targnation Jun 10 '12 at 19:02
8

Though it sounds really strange, this trick does not work for me in Chrome 34 on Windows. – Martijn May 03 '14 at 17:43
1

@Martijn If true, that sounds like a nasty security bug. – Şafak Gezer Sep 22 '14 at 15:30
Don't forget to enable the extension under incognito mode from the extension settings of Chrome. Then type in the address bar: postman, click on the 1st result which leads to https://chrome.google.com/webstore/detail/postman-rest-client//{some-encoded-string} and click on the green button "Launch app" – Yasen Jun 18 '15 at 14:03
6

Chrome remembers basic auth in incognito windows – Tyguy7 Jul 22 '15 at 01:24
2

@singsuyash / @Tyguy7 / @Dolfa Note that several 'incognito' (alias private) windows **do share auth** among themselves. If you want a clean session, close all private windows before opening a new one. Also, it can be worth noticing that if you open the debugger (`F12`), you get an option in the contextual menu of the "refresh" button to _"clear cache and force refresh"_. This is sometimes very useful, especially when you browsed in non-private mode and need a clean reload. – Balmipour Sep 15 '15 at 16:07
for those saying it does not work in chrome 41, 42, 45 etc... it works the first time you use the incognito window, after it will remember still. Easy fix is to close all your incognito windows, then reopen another incognito window, this worked for me to reset the authentication. – Joseph Astrahan Jan 03 '16 at 19:52
Does not work in latest version of chrome, tested in chrome version 53. Some times during testing if you repeat with invalid password, the resource may return 403 error without showing basic auth dialog input. You need to clear the password cache to test it again with a valid password – webjockey Oct 03 '16 at 16:44
@webjockey You need to close all prior incognito windows for this to work. I added some clarification above. – CEGRD Oct 10 '16 at 14:59

score 120 · Answer 3 · answered Nov 01 '16 at 16:48

120

all you need to do is to type chrome://restart in the address bar and chrome, with all its apps that are running in background, will restart and the Auth password cache will be cleaned.

answered Nov 01 '16 at 16:48

Sal Celli

1,391
1
8
5

10

Didn't work for me (Version 54.0.2840.98 (64-bit) on Mac OS X 10.11) with On Startup: Continue where you left off – Frans Nov 30 '16 at 12:52
1

Working, in (Chromium) incognito mode, as of 62.0.3202.62 (Official Build) (64-bit) on Windows. – veganaiZe Oct 20 '17 at 05:28
1

Does not work for me (63.0.3239.84 (Official Build) Built on Ubuntu , running on Ubuntu 16.04 (64-bit)) – Jasper de Vries Dec 14 '17 at 14:05
1

Doesn't work for me too now: Version 67.0.3396.87 (Official Build) (64-bit) Ubuntu 16.04 (64-bit) – yetanothercoder Jul 03 '18 at 13:28
worked for me on 68.0.3440.106 (Official Build) Built on Ubuntu , running on Ubuntu 18.04 (64-bit) – simon Aug 31 '18 at 10:56
Doesn't work for Chrome 81. It *seems* to work, and requests login again, but even if you deliberately give it wrong username/pw, it still logs you in. It's apparently remembering old, correct, uname/pw in cache somewhere. Doesn't even clear it if you tell it to remember some wrong ones. Going to an incognito window seems the only way right now. – thund Apr 27 '20 at 19:18
2

besides wouldn't that blow away ALL your basic auth creds? I want to do it per site. – user9645 May 28 '20 at 15:23
Worked for me in chrome version 83.0.4103.116 – Myster Jul 14 '20 at 02:31
Works Version 84.0.4147.89 (Official Build) (64-bit) – darw Jul 22 '20 at 09:28
Worked on macOS 12 and chrome 98.0.4758.80 – Akın Tekeoğlu Feb 04 '22 at 08:50

score 64 · Answer 4 · edited May 08 '17 at 08:14

64

The authentication is cleared when you exit Chrome.

Note however, that by default Chrome is running apps in the background, so it may not really exit even if you close all Chrome windows. You can either change this behavior under advanced setting, or e.g. under Windows, you can completely exit Chrome by using the Chrome icon in the systray. There should be an icon if Chrome is still running, but maybe you'll find it only in the popup with the hidden icons. The context menu of the Chrome icon has an entry to completely exit Chrome, and you can also change the setting for running apps in the background using that menu.

Open the Chrome menu
Select Settings
Scroll to the bottom
Click Show advanced settings...
Scroll to the bottom
Under System uncheck the box labeled:
Continue running background apps when Google Chrome is closed

edited May 08 '17 at 08:14

Alex78191

2,383
2
17
24

answered Nov 13 '12 at 19:13

Cito

5,365
28
30

2

In my case there was no systray icon, but I had an app running that I had forgotten was a Chrome app (Flowdock) & had to exit it as well. – Peter Rust Jun 21 '13 at 16:38
5

Ctrl-Shift-Q will quit all chrome proccess' – Patrick May 02 '16 at 03:42
Doesn't work for me and I don't have the option of "Continue running background apps when Google Chrome is closed". (Chrome version 51) – David Jun 10 '16 at 15:27
The option still exists in my Chrome version 51 on Windows. – Cito Jun 15 '16 at 12:42
5

It should be the accepted answer! Also you use `chrome://restart` as sal-celli said. – Alex78191 May 07 '17 at 10:16
1

This is untrue. Chrome still remembers my basic auth logins after dozens of reboots. It saves these logins like any other login. – Cerin Sep 12 '17 at 19:31
@Cerin, I guess you're talking about the password saving feature in Chrome, which is a different issue. You can delete accidentally saved passwords or deactivate password saving completely under Settings - Advanced - Passwords and Forms - Manage Passwords. – Cito Nov 04 '17 at 07:41
@Cito, The two are one in the same. Chrome saves basic authentication logins, just like it does for websites, but there's a slightly different way to clear them, as [this answer](https://stackoverflow.com/a/44950125/247542) clarified. Your answer does not clear basic authentication. Just normal website passwords. – Cerin Nov 06 '17 at 17:37
@Cerin: Again, this answer is about the browser internal basic authentication cache. This cache works independently of whether you use password saving or not. Even if you switch password saving completely off, the browser still remembers your credentials to avoid constantly prompting you when visiting the same realm, until you leave the browser. You *can* *also* save these basic auth credentials with the normal password saving feature, to have them available even after leaving the browser, and then you must clear them in the password manager. But that's a different issue. – Cito Nov 07 '17 at 08:36
1

@Cito, And again, your answer is not helpful, because it doesn't solve the problem. The "internal cache" you're talking about is not a cache but the browser's password saving feature, which the answer I linked to explains how to clear. Passwords aren't "cached" in the sense of images and Javascript files. That would be insane and lead to a massive security hole. – Cerin Nov 07 '17 at 15:31
@Cerin: Again: Password saving and HTTP auth credential caching are two completely different things. If you do not save passwords, these credentials are still cached. Instead of engaging in endless debates I encourage you to simply try it out. Visit a page that requires HTTP auth. Enter your credentials. When Google asks whether it should save the password, decline, so that the password is not saved. Then reload the same page. Your are not asked for the password again, even though it has not been saved. This is because the credentials are cached inside the browser. – Cito Nov 07 '17 at 20:00
@Cerin: And if you still think there is no HTTP auth caching mechanism in Chrome, have a look at the class [HttpAuthCache](https://cs.chromium.org/chromium/src/net/http/http_auth_cache.cc) in the source code. – Cito Nov 07 '17 at 20:03
@Cito, I did try it out. Your solution did not clear the saved basic auth credentials, but the other answer did. – Cerin Nov 08 '17 at 00:08
I think I already explained that this is not about the general problem of removing saved passwords in the manager, but about clearing the http auth cache in particular. – Cito Nov 08 '17 at 08:13
I use Ctrl+Shift+Q to close all windows of Chrome at the same time (and then it suggest to restore them again, when you open Chrome next time). – Maxím G. Jul 27 '18 at 19:55
in my Chrome version 73 it's called "Use hardware acceleration when available" but it did the trick thanks! – MarvinVK Apr 17 '19 at 11:28

score 25 · Answer 5 · answered Mar 13 '15 at 16:53

25

function logout(url){
    var str = url.replace("http://", "http://" + new Date().getTime() + "@");
    var xmlhttp;
    if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
    else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4) location.reload();
    }
    xmlhttp.open("GET",str,true);
    xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6")
    xmlhttp.send();
    return false;
}

answered Mar 13 '15 at 16:53

Sushovan Mukherjee

594
5
13

4

Where does the "Basic YXNkc2E6" value come from? – chamberlainpi Apr 08 '16 at 21:32
Very well. It really works. The YXNkc2E6 is just a hash string for when you do not want to pass the actual username and password. It is not really necessary here – George Pligoropoulos May 13 '16 at 09:10
3

`echo YXNkc2E6 | base64 -D` => `asdsa:` – whitehat101 Nov 15 '16 at 22:09
1

Why not just `"Basic"`? – Alex78191 May 07 '17 at 10:23
This actually worked for me. `Version 66.0.3359.139 (Official Build) (64-bit)`. I'm really happy to break the basic auth chains finally. you need to : 1. declare this function in the dev console 2. call it with your website like `logout('http://google.com')` 3. see the basic auth dialog immediately – Pavel Polyakov May 14 '18 at 13:28
Excellent works for me with `Version 67.0.3396.99 (Official Build) (64-bit)` – Matt Vukomanovic Jul 27 '18 at 05:08
This actually works for me with Chrome v74. I cannot accomplish the same using modern Fetch API (it cannot do request with username). Firefox it's immune to this. It receives a 401 status, but just disregard it, and keep going on. – Valerio May 06 '19 at 23:20
This should be the accepted solution, IMHO – ErnestV Feb 23 '22 at 13:20
It definitely should not be the accepted answer without some explanation of what is happening and why it works. – President James K. Polk Feb 25 '23 at 17:28

score 8 · Answer 6 · edited Dec 17 '20 at 17:27

8

Right click on your Bookmark Bar -> Add Page...
Set the name as Logout Basic Auth
Set the URL as:

javascript: (function() {
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.onreadystatechange = function() {
        if (xmlhttp.readyState == 4) {
            location.reload()
        }
    };
    xmlhttp.open("GET", location.origin, true);
    xmlhttp.setRequestHeader("Authorization", "Basic aW52YWxpZDoK");
    xmlhttp.send();
    return false;
})()

On any webpage you need to logout of Basic Auth, click the bookmark.

edited Dec 17 '20 at 17:27

Suraj Rao

29,388
11
94
103

answered Dec 17 '20 at 17:21

KevinH

81
1
2

1

I understand the security reasons for the browser stripping "javascript:" when I try to paste it into the address bar, but I feel betrayed nonetheless that it didn't obey my command and surprised me by doing a Google search for the remainder of the text – Michael May 10 '21 at 20:18
This is the only solution that worked for me. Very strange of Chrome indeed – philk Jan 03 '22 at 18:03

score 8 · Answer 7 · answered Jul 27 '21 at 05:08

8

This is a quick trick. For example you already input basic auth to url https://example.com by user1:password1. To clear it just open new tab then:

Goto: https://any:any@example.com then your password will be removed.

any:any is any string.

answered Jul 27 '21 at 05:08

Binh Ho

3,690
1
31
31

score 7 · Answer 8 · answered Jun 01 '20 at 09:44

7

I am using Chrome Version 83 and this is how I did it. Before following the steps make sure the tab of the site, whose Auth Details you want to delete is closed.

First, go to Settings >> Privacy and security.

Then click on Site settings option

Then click on View permissions and data stored across sites option

Search for the site whose Auth info you want to delete. In this example, I am using Stack Overflow.

Now click on the site and then click the Clear data button.

Now restart your browser and you will be asked for a fresh login. For restarting you can type chrome://restart in the address bar.

answered Jun 01 '20 at 09:44

Rito

3,092
2
27
40

1

This works perfectly Even without restart removing sites – Amar Apr 07 '21 at 05:49
2

This one is **the only one** of al answers here that worked for me (Chrome 95). It was not necessary to restart. – 7ochem Oct 29 '21 at 09:30

TPoschel · Answer 9 · 2017-10-18T15:33:02.267

5

This isn't exactly what the question is asking for but in case you accidentally saved basic auth credentials and want to clear them or update them:

https://support.google.com/accounts/answer/6197437

Open Chrome.
At the top right, click More > and then Settings.
At the bottom, click Advanced.
Under "Passwords and forms," click Manage passwords.
Under "Saved Passwords", click Remove on the site you want to clear saved basic auth credentials.

Steps 1-4 can be quickly navigated with this link: chrome://settings/passwords

This worked in Chrome Version 59.0.3071.115

edited Oct 18 '17 at 15:33

answered Jul 06 '17 at 13:19

TPoschel

3,775
2
30
29

your link is broken (try it yourself) the chrome link... copy paste worked – Toskan Oct 09 '17 at 14:50
15

He's talking about Basic authentication data, not form passwords. – Barmar Aug 20 '18 at 17:22

score 5 · Answer 10 · answered Sep 24 '19 at 23:59

5

Just do

https://newUsername:newPassword@example.com

...to override your old credentials.

answered Sep 24 '19 at 23:59

Alex

8,245
8
46
55

2

This doesn't work, at least as of as of Chrome 81. Just logs you right back in even if you deliberately enter the wrong username/pw. – thund Apr 27 '20 at 19:11
I just tried with Opera which is Chrome-based and it just worked... Are you using HTTPS? Transferring credentials over HTTP might be disabled by browser vendors meanwhile. – Alex Apr 28 '20 at 20:29

score 4 · Answer 11 · answered May 17 '17 at 17:34

There is no way to do this in Chrome as yet (Chrome 58)

I have found the best solution is to open the url in an Incognito window, which will force you to re-enter the basic authentication credentials.

When you want to change the credentials, close the Incognito window and launch another Incognito window.

Libin Varghese · Answer 12 · 2020-10-30T15:39:00.530

As mentioned by @SalCelli, chrome://restart works. However, this relaunches all the tabs.

Another method is to launch in incognito mode as suggested by CEGRD

However, if you could not like to restart & use incognito, on Chrome 86 (Mac), I found that the answer provided by @opsb & Mike only works with the below additional steps.

Enter the wrong username in the url without the resources

eg: if the url is http://mywebsite.com/resources/, it will not work if I enter http://wrong@mywebsite.com/resources/, but will work if I enter only http://wrong@mywebsite.com/
1. it clears the Basic Auth credentials
2. prompt for the credentials again
However, entering the valid credentials will not work, as in the background, chrome still send the wrong user as part of the url, even though the url appears right in the address bar When prompted for credentials you would need to Cancel, and click the address bar and reload the page from pressing enter. Now enter the correct password

`chrome:restart` not only relaunches all tabs, but it closes all identities and makes you choose one to start with (if you have more than one). But it does work! — Michael, May 10 '21 at 20:20

score 2 · Answer 13 · answered Jan 08 '15 at 11:11

2

May be old thread but thought of adding answer to help others.

I had the same issue with Advanced ReST Client App, I'm not able to clear basic authentication from Chrome neither from app. It simply stopped asking for credentials!

However, I managed to make it work by relaunching Chrome using About Google Chrome -> Relaunch.

Once Chrome is relaunched, when I accessed ReST service, it will ask for user name and password using basic authentication popup.

Hope this helps!

answered Jan 08 '15 at 11:11

Ganesh2

156
3
10

I do not see a “Relaunch” button or link on the “About Google Chrome” view. (Mac OS 10.10, Chrome 40) – MrColes Feb 02 '15 at 21:12
3

you can use `chrome://restart` – Alex78191 May 07 '17 at 10:20
Thanks for chrome://restart !!! works for me. Ubuntu 18.10 Chrome Versión 71.0.3578.98 (Build oficial) (64 bits) – Gonzalo Feb 04 '19 at 19:44

score 1 · Answer 14 · answered Sep 14 '16 at 15:49

1

A lot of great suggestions here, I'll give the one that I found the most efficient:

Just change your password in the site. The old authentication will became outdated and Chrome will request it again.

Since I had a terminal open, I did a simple script to change the password and in two keypresses it were incremented.

answered Sep 14 '16 at 15:49

neves

33,186
27
159
192

1

I'm testing locally, so simply changing my password worked especially well for me. – John Henry Feb 04 '18 at 20:49

score 1 · Answer 15 · edited Jun 06 '19 at 20:14

1

Press the key combination Ctrl+Shift+Delete
You will see popup in chrome
Check the above options and click clear data and you are done.

edited Jun 06 '19 at 20:14

ajaysinghdav10d

1,771
3
23
33

answered Aug 10 '18 at 04:59

Kundan Atre

3,853
5
26
39

4

This will clear all the histories, caches and all. Not recommended. It will be good if we can delete site specific content. – NIKHIL C M Feb 04 '19 at 06:34
This does not clear history if you do not select to do so, as it is mentioned in screenshot. – Kundan Atre Apr 08 '19 at 11:16

score 1 · Answer 16 · answered Jul 18 '19 at 04:24

1

I'm using Chrome 75. What I've found is that restarting Chrome doesn't work. But restarting Chrome AND opening the developer tools does work. I don't have any explanation why this should be.

answered Jul 18 '19 at 04:24

Richard Hunter

1,933
2
15
22

score 0 · Answer 17 · answered Dec 06 '16 at 21:42

In Chrome, on the right-hand side of the URL bar when you are at a password protected URL, you should see a small key symbol. Click the symbol and it will take you directly to the Password Management area where you can remove the entry. That will ensure you receive future prompts or have an opportunity to enter a new password and save it.

If you do not see the key symbol, that same Password Management area can be accessed by going to Chrome -> Settings -> Passwords and forms -> Manage Passwords. Or more simply, this URL – chrome://settings/passwords.

There is no symbol on the right of the URL on Auth pages. You are talking about "password" pages, not Auth pages. See http://stackoverflow.com/questions/5957822/how-to-clear-basic-authentication-details-in-chrome#comment23131117_9159320 — Pacerier, Feb 13 '17 at 09:22

score 0 · Answer 18 · answered May 04 '18 at 18:11

For Chrome 66 I found the relevant option under:

Top right ... menu -> More Tools -> Clear Browsing Data
Click the "Advanced" tab
Check the "Passwords" box (and uncheck others you don't want cleared)
Click "Clear Data"

Using a new Incognito window is probably easier, but for those times you forget and want to clear the saved password, this does the trick without having to restart Chrome (which also works)

score 0 · Answer 19 · answered Mar 31 '20 at 20:19

0

For Windows 10: What worked for me was clearing the credentials in the Windows Credentials in the Credential Manager.

answered Mar 31 '20 at 20:19

Shiva Naru

925
3
10
21

score 0 · Answer 20 · answered Apr 08 '21 at 21:07

0

I was using LastPass password manager, deleting credentials in LastPass solved the issue.

answered Apr 08 '21 at 21:07

promaty

189
3
4

Julien B. · Answer 21 · 2021-04-13T18:17:30.990

Weirdest thing, but in my case, I was trying to access a page with basic auth and Chrome was sending invalid credentials without even prompting for it. After I logged out from my LastPass plugin, everything was back to normal. So I think LastPass is starting to support Basic Auth but it's not giving the option of what password to use, it looks like it's just sending a random password for a domain that matches (which is very problematic in my case).

Thought it might help someone.

score 0 · Answer 22 · answered Apr 07 '22 at 05:43

0

In my case (Win Chrome v100) it worked when using https://@domain.com to delete the credentials. Verify in the dev tools and querying document.URL.

answered Apr 07 '22 at 05:43

Michael Bolli

1,993
2
16
19

score 0 · Answer 23 · answered Mar 09 '23 at 23:08

From this answer, I worked out I could open Chrome Dev Tools (Ctrl+Shift+I), and paste the following into the console:

{
    const str = location.origin.replace("http://", "http://" + new Date().getTime() + "@");
    let xmlhttp;
    if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
    else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4) location.reload();
    }
    xmlhttp.open("GET",str,true);
    xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6")
    xmlhttp.send();
}

The page will refresh, and the credentials will be cleared.

score 0 · Answer 24 · answered Apr 17 '23 at 14:23

The only thing that worked for me was to add a route to my application that logs the user out and returns a 401 Http error.

In Laravel, this looked like

    Route::get('/clearbasic', function() {
        auth()->logout();
        abort(401);
    });

I can load this route and next access to the regular routes are prompted for the basic credentials.

score 0 · Answer 25 · answered Aug 28 '23 at 07:44

Server-Side solution

If you'd like to prompt the user to log out, you can simply send an HTTP header with a 401 status code. Here's how you can do it:

WWW-Authenticate: Basic realm="401"

Optionally, you can include a meta-refresh in the HTTP response body to redirect users back to the main page after logging out:

Authentication required!<meta http-equiv="refresh" content="5; url=/">

(where / is your main page and 5 is 5 seconds delay)

Client-Side solution

To clear the saved Basic Auth credentials, you can send a new AJAX request to the server with the following steps:

Set up an HTTP header for Basic Auth, like so:

xmlHttpRequest.setRequestHeader("Authorization","Basic LTop")

Here, "LTop" is a Base64-encoded string that may contain invalid authentication data. 2. Prepare the URL: take your complete URL, including the protocol, domain, and path, and insert a new authentication part between the protocol and domain. For instance, if your domain is https://yourdomain.com, the prepared URL would be https://-:)@yourdomain.com.

After sending this request, the browser should forget the old credentials, allowing you to refresh the page.

Alternate Solution #1

An alternative approach is to close all of your browser tabs and windows, then reopen the browser. This should trigger the authentication prompt again.

Alternate solution #2

Another option is to use an incognito window. However, this won't work if you've already logged in via an existing incognito window. In that case, close all incognito windows and then open a new one.

score -1 · Answer 26 · answered Oct 21 '15 at 19:57

Chrome uses the same Internet Options as IE.

Try opening your Internet Options and removing the URL from "Trusted Sites." This should regenerate a 401 call for credentials when you restart the browser and visit the URL again.

You may need to remove it from "Intranet Sites" as well.

score -1 · Answer 27 · answered Oct 02 '16 at 22:02

-1

Things changed a lot since the answer was posted. Now you will see a small key symbol on the right hand side of the URL bar.
Click the symbol and it will take you directly to the saved password dialog where you can remove the password.

Successfully tested in Chrome 49

answered Oct 02 '16 at 22:02

John

7,507
3
52
52

3

This is completely untrue. Chrome 53 – patricktokeeffe Nov 11 '16 at 01:41
1

Tested on two independend computers, chrome 54 now. It is true and works perfectly. – John Nov 14 '16 at 15:50
1

This only works if the url that you are using your password for and the site you eventually land on/auth through are the same. Say i start at `a.com` get redirected to `b.com` and end at `a.com` i may have a username/password entry on `a.com` but if the data is forwarded to `b.com` and that is where i die on authentication this method is useless – O'Mutt Feb 03 '17 at 14:50

score -2 · Answer 28 · edited Nov 09 '12 at 22:21

-2

You can also do it via the settings page, chrome://chrome/settings

Under The Hood
Advanced Settings
Passwords and Forms

Then click the link Manage saved passwords.

edited Nov 09 '12 at 22:21

cincodenada

2,877
25
35

answered Feb 06 '12 at 11:19

andersjanmyr

11,302
5
29
29

47

This works for normal logins and password saving but BASIC authentication details are not saved in these settings. – Paul Whipp Apr 23 '13 at 23:57
3

Maybe in 2012 they didn't show the BASIC authentication details here, but in 2015 they do. This, to me, is the most sensible place to look for these details. – Sunil D. Nov 24 '15 at 18:03
3

Wrong then and wrong now. As of Chrome 53, the 'manage passwords' page does _not_ list cached basic auth credentials. – patricktokeeffe Nov 11 '16 at 01:44
Worked for me. Mac OS Sierra 10.12.1, Chrome 55.0.2883.95 (64-bit) – Vasily802 Dec 21 '16 at 02:41

score -5 · Answer 29 · answered Jun 02 '11 at 20:38

-5

You should be able to clear your credentials from your browser via "Clear Browsing Data..." in chrome://settings/advanced

answered Jun 02 '11 at 20:38

Boris Smus

8,220
2
36
33

3

Unless I'm mistaken ( I hope so :) ) this doesn't allow you to clear credentials for a single site. You have to clear all of your saved passwords. I want to be able to switch between users on the site that I'm testing so I really need a method that will allow me to clear just one site. – opsb Jun 03 '11 at 08:56
This would be great if it actually worked as Chrome suggests it should. :( obsp's answer worked correctly. – Dr. Hilarius Aug 01 '12 at 00:43

How to clear basic authentication details in chrome

29 Answers29

Server-Side solution

Client-Side solution

Alternate Solution #1

Alternate solution #2

Linked