Allow remove logged status for basic authentication site in Page Info

UNCONFIRMED
Unassigned

Status

()

Firefox
Page Info Window
P5
enhancement
UNCONFIRMED
2 years ago
3 months ago

People

(Reporter: Ulrich Windl, Unassigned)

Tracking

(Depends on: 1 bug)

38 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (X11; Linux i686; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 2014112600

Steps to reproduce:

Log in with some use password to some site using basic authentication. After authentication I found out it was the wrong user (the user was valid, but the service requires another user)


Actual results:

If I close and reopen the tab to log in newly, the old authentication data is reused, and there is no way to make Firefox forget it (except closing and reopening it with all tabs)


Expected results:

There should be a way to remove or change (maybe view also) existing authorization data for a page similar to viewing remembered passwords and cookies.
(Reporter)

Updated

2 years ago
Severity: normal → enhancement
OS: Unspecified → All
Hardware: Unspecified → All
Version: 34 Branch → 38 Branch
Component: Untriaged → XUL
Product: Firefox → Core
Hi Ulrich,

We're going to need a bit more information. What website are you testing? Can you reproduce this issue in a newer version of Firefox?
Flags: needinfo?(Ulrich.Windl)
(Reporter)

Comment 2

2 years ago
(In reply to Grover Wimberly IV from comment #1)
Well, it seems the browser is sending the authorization data it has cached somewhere whenever it is requested. Once the authentication succeeds, the application won't ask to re-authenticate, and there is no way to tell the browser to forget the cached authentication data (unless I missed some recent magic addition).
I can't remember the site I was using, but probably some primitive site like CUPS on localhost (https://localhost:631) will do: Authenticate as you (non-priviledged user). Authentication will succeed, but you are not allowed to change things (like adding a printer). From there on, you cannot change your authentication data.
Flags: needinfo?(Ulrich.Windl)

Updated

2 years ago
Component: XUL → Page Info Window
Depends on: 260839
Product: Core → Firefox
See Also: → bug 300002
Summary: Add context menu "remove/change authorization data" for "page info" → Allow remove logged status for basic authentication site in Page Info
I think you can use devtools to delete the http auth session cookie, but I agree that's a little hard to find.

It wouldn't be terrible to have something on the page info dialog to delete the current http auth session, but we have no plans currently to do anything here.
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.