I'm working on a site that uses basic authentication. Using Chrome I've logged in using the basic auth. I now want to remove the basic authentication details from the browser and try a different login.
How do you clear the current basic authentication details when using Chrome?
It seems chrome will always show you the login prompt if you include a username in the url e.g.
This is not a real full solution, see Mike's comment below.
You can open an incognito window Ctrl+Shift+n each time you are doing a test. The incognito window will not remember the username and password the last time you entered.
To use this trick, make sure to close all incognito windows. All incognito windows share the same cache. In other words, you cannot open multiple independent incognito windows. If you login in one of them and open another one, those two are related and you will see that the new window remembers the authentication information from the first window.
F12), you get an option in the contextual menu of the "refresh" button to "clear cache and force refresh". This is sometimes very useful, especially when you browsed in non-private mode and need a clean reload.
Commented
Sep 15, 2015 at 16:07
all you need to do is to type chrome://restart in the address bar and chrome, with all its apps that are running in background, will restart and the Auth password cache will be cleaned.
The authentication is cleared when you exit Chrome.
Note however, that by default Chrome is running apps in the background, so it may not really exit even if you close all Chrome windows. You can either change this behavior under advanced setting, or e.g. under Windows, you can completely exit Chrome by using the Chrome icon in the systray. There should be an icon if Chrome is still running, but maybe you'll find it only in the popup with the hidden icons. The context menu of the Chrome icon has an entry to completely exit Chrome, and you can also change the setting for running apps in the background using that menu.
SettingsShow advanced settings...System uncheck the box labeled: Continue running background apps when Google Chrome is closed
chrome://restart as sal-celli said.
Commented
May 7, 2017 at 10:16
function logout(url){
var str = url.replace("http://", "http://" + new Date().getTime() + "@");
var xmlhttp;
if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4) location.reload();
}
xmlhttp.open("GET",str,true);
xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6")
xmlhttp.send();
return false;
}
Version 66.0.3359.139 (Official Build) (64-bit). I'm really happy to break the basic auth chains finally. you need to : 1. declare this function in the dev console 2. call it with your website like logout('http://google.com') 3. see the basic auth dialog immediately
Commented
May 14, 2018 at 13:28
This is a quick trick.
For example you already input basic auth to url https://example.com by user1:password1. To clear it just open new tab then:
Goto: https://any:[email protected] then your password will be removed.
any:any is any string.
javascript: (function() {
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
location.reload()
}
};
xmlhttp.open("GET", location.origin, true);
xmlhttp.setRequestHeader("Authorization", "Basic aW52YWxpZDoK");
xmlhttp.send();
return false;
})()
I am using Chrome Version 83 and this is how I did it. Before following the steps make sure the tab of the site, whose Auth Details you want to delete is closed.
First, go to Settings >> Privacy and security.
Then click on Site settings option
Then click on View permissions and data stored across sites option
Search for the site whose Auth info you want to delete. In this example, I am using Stack Overflow.
Now click on the site and then click the Clear data button.
Now restart your browser and you will be asked for a fresh login. For restarting you can type chrome://restart in the address bar.
This isn't exactly what the question is asking for but in case you accidentally saved basic auth credentials and want to clear them or update them:
https://support.google.com/accounts/answer/6197437
Steps 1-4 can be quickly navigated with this link: chrome://settings/passwords
This worked in Chrome Version 59.0.3071.115
There is no way to do this in Chrome as yet (Chrome 58)
I have found the best solution is to open the url in an Incognito window, which will force you to re-enter the basic authentication credentials.
When you want to change the credentials, close the Incognito window and launch another Incognito window.
As mentioned by @SalCelli, chrome://restart works. However, this relaunches all the tabs.
Another method is to launch in incognito mode as suggested by CEGRD
However, if you could not like to restart & use incognito, on Chrome 86 (Mac), I found that the answer provided by @opsb & Mike only works with the below additional steps.
Enter the wrong username in the url without the resources
eg: if the url is http://mywebsite.com/resources/, it will not work if I enter http://[email protected]/resources/, but will work if I enter only http://[email protected]/
However, entering the valid credentials will not work, as in the background, chrome still send the wrong user as part of the url, even though the url appears right in the address bar When prompted for credentials you would need to Cancel, and click the address bar and reload the page from pressing enter. Now enter the correct password
chrome:restart not only relaunches all tabs, but it closes all identities and makes you choose one to start with (if you have more than one). But it does work!
May be old thread but thought of adding answer to help others.
I had the same issue with Advanced ReST Client App, I'm not able to clear basic authentication from Chrome neither from app. It simply stopped asking for credentials!
However, I managed to make it work by relaunching Chrome using About Google Chrome -> Relaunch.
Once Chrome is relaunched, when I accessed ReST service, it will ask for user name and password using basic authentication popup.
Hope this helps!
A lot of great suggestions here, I'll give the one that I found the most efficient:
Just change your password in the site. The old authentication will became outdated and Chrome will request it again.
Since I had a terminal open, I did a simple script to change the password and in two keypresses it were incremented.
You will see popup in chrome
Check the above options and click clear data and you are done.
I'm using Chrome 75. What I've found is that restarting Chrome doesn't work. But restarting Chrome AND opening the developer tools does work. I don't have any explanation why this should be.
In my case (Win Chrome v100) it worked when using https://@domain.com to delete the credentials. Verify in the dev tools and querying document.URL.
In Chrome, on the right-hand side of the URL bar when you are at a password protected URL, you should see a small key symbol. Click the symbol and it will take you directly to the Password Management area where you can remove the entry. That will ensure you receive future prompts or have an opportunity to enter a new password and save it.
If you do not see the key symbol, that same Password Management area can be accessed by going to Chrome -> Settings -> Passwords and forms -> Manage Passwords. Or more simply, this URL – chrome://settings/passwords.
For Chrome 66 I found the relevant option under:
Using a new Incognito window is probably easier, but for those times you forget and want to clear the saved password, this does the trick without having to restart Chrome (which also works)
For Windows 10: What worked for me was clearing the credentials in the Windows Credentials in the Credential Manager.
I was using LastPass password manager, deleting credentials in LastPass solved the issue.
Weirdest thing, but in my case, I was trying to access a page with basic auth and Chrome was sending invalid credentials without even prompting for it. After I logged out from my LastPass plugin, everything was back to normal. So I think LastPass is starting to support Basic Auth but it's not giving the option of what password to use, it looks like it's just sending a random password for a domain that matches (which is very problematic in my case).
Thought it might help someone.
From this answer, I worked out I could open Chrome Dev Tools (Ctrl+Shift+I), and paste the following into the console:
{
const str = location.origin.replace("http://", "http://" + new Date().getTime() + "@");
let xmlhttp;
if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4) location.reload();
}
xmlhttp.open("GET",str,true);
xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6")
xmlhttp.send();
}
The page will refresh, and the credentials will be cleared.
The only thing that worked for me was to add a route to my application that logs the user out and returns a 401 Http error.
In Laravel, this looked like
Route::get('/clearbasic', function() {
auth()->logout();
abort(401);
});
I can load this route and next access to the regular routes are prompted for the basic credentials.
If you'd like to prompt the user to log out, you can simply send an HTTP header with a 401 status code. Here's how you can do it:
WWW-Authenticate: Basic realm="401"
Optionally, you can include a meta-refresh in the HTTP response body to redirect users back to the main page after logging out:
Authentication required!<meta http-equiv="refresh" content="5; url=/">
(where / is your main page and 5 is 5 seconds delay)
To clear the saved Basic Auth credentials, you can send a new AJAX request to the server with the following steps:
xmlHttpRequest.setRequestHeader("Authorization","Basic LTop")
Here, "LTop" is a Base64-encoded string that may contain invalid authentication data.
2. Prepare the URL: take your complete URL, including the protocol, domain, and path, and insert a new authentication part between the protocol and domain. For instance, if your domain is https://yourdomain.com, the prepared URL would be https://-:)@yourdomain.com.
After sending this request, the browser should forget the old credentials, allowing you to refresh the page.
An alternative approach is to close all of your browser tabs and windows, then reopen the browser. This should trigger the authentication prompt again.
Another option is to use an incognito window. However, this won't work if you've already logged in via an existing incognito window. In that case, close all incognito windows and then open a new one.
I'm surprised nobody mentioned this but Basic HTTP authentication credentials can actually be deleted from here: chrome://password-manager/passwords
And then you just need to restart your browser to fix it.
I just tested on Windows 11 running Chrome 124.0.6367.78 and I confirm that it works perfectly.
Chrome uses the same Internet Options as IE.
Try opening your Internet Options and removing the URL from "Trusted Sites." This should regenerate a 401 call for credentials when you restart the browser and visit the URL again.
You may need to remove it from "Intranet Sites" as well.
Things changed a lot since the answer was posted.
Now you will see a small key symbol on the right hand side of the URL bar.
Click the symbol and it will take you directly to the saved password dialog where you can remove the password.
Successfully tested in Chrome 49
a.com get redirected to b.com and end at a.com i may have a username/password entry on a.com but if the data is forwarded to b.com and that is where i die on authentication this method is useless
You can also do it via the settings page, chrome://chrome/settings
Then click the link Manage saved passwords.
You should be able to clear your credentials from your browser via "Clear Browsing Data..." in chrome://settings/advanced
