User Agent: Mozilla/5.0 (X11; Linux i686; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 2014112600 Steps to reproduce: Log in with some use password to some site using basic authentication. After authentication I found out it was the wrong user (the user was valid, but the service requires another user) Actual results: If I close and reopen the tab to log in newly, the old authentication data is reused, and there is no way to make Firefox forget it (except closing and reopening it with all tabs) Expected results: There should be a way to remove or change (maybe view also) existing authorization data for a page similar to viewing remembered passwords and cookies.
Hi Ulrich, We're going to need a bit more information. What website are you testing? Can you reproduce this issue in a newer version of Firefox?
(In reply to Grover Wimberly IV from comment #1) Well, it seems the browser is sending the authorization data it has cached somewhere whenever it is requested. Once the authentication succeeds, the application won't ask to re-authenticate, and there is no way to tell the browser to forget the cached authentication data (unless I missed some recent magic addition). I can't remember the site I was using, but probably some primitive site like CUPS on localhost (https://localhost:631) will do: Authenticate as you (non-priviledged user). Authentication will succeed, but you are not allowed to change things (like adding a printer). From there on, you cannot change your authentication data.
I think you can use devtools to delete the http auth session cookie, but I agree that's a little hard to find. It wouldn't be terrible to have something on the page info dialog to delete the current http auth session, but we have no plans currently to do anything here.