131

How can I make Firefox "invalidate" its saved HTTP Basic Auth credentials for a website from the client side?

Currently, I have to restart the browser, which is rather cumbersome with multiple tabs open.

Is there a way to do this without having to restart Firefox/clear the cache/etc.?

Erk
  • 163
MiffTheFox
  • 3,520

9 Answers

111

You can choose Clear Recent History from the History menu (Ctrl + Shift + Del, Macs: Cmd ⌘ + Shift + Del). You can then select to just clear Active Logins from the details to just clear those sessions.

In older versions of Firefox (such as FF3), Clear Recent History is under the Tools menu. The shortcut is the same.

onlynone
  • 204
  • 2
  • 10
heavyd
  • 65,321
100

If you change username and password from the original session to one which will not authenticate, Firefox will destroy all reference to the old authentication and attempt the new one.

You can change/set authentication by adding user:pass@ to the beginning of the URL, example: http://user:pass@www.example.com/

If you are logged into www.example.com with user:pass then typing (adding to the beginning of the address) anything@ will cause this to happen, example: http://abc@www.example.com/

A fast fix which doesn't require any plugins.

Please note this only works for HTTP Basic Auth.

An additional side benefit is this will affect only the website you are interacting with. All other logins to any other website will remain active.

12

The Web Developer toolbar allows HTTP authentication to be reset within a browser session.

From Firefox's Context Menu, choose Web Developer -> Miscellaneous -> Clear Private Data -> HTTP Authentication.

Day
  • 880
  • 2
  • 8
  • 19
boot13
  • 5,917
8

Make the request from a private window.

In Firefox: File - New Private Window (Ubuntu Ctrl+Shift+P)
In Chrome: New Incognito Window (Ubuntu Ctrl+Shift+N)

tobias.h
  • 189
3

> there is no way for the website to offer a log out option

This is wrong. There are several simple ways for the website to offer a logout option.

1) The logout link will point to a URL on the same domain containing credentials that are intentionally incorrect

2) The logout link will trigger JavaScript with the following code snippet (Microsoft Internet Explorer only):

    <script>
        // Second argument is the boolean showUI flag; the string 'false' would be truthy.
        document.execCommand('ClearAuthenticationCache', false);
    </script>
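
The mechanism behind the `anything@` trick and the "intentionally incorrect credentials" logout link in the answers above, as an added example that is not part of the original answers: it builds the logout URL and shows the 401 challenge the server returns for it. It assumes Node.js; the user table, host, realm and function names are constructed for illustration.

```javascript
// Added illustration, not code from the answers. Users, hosts and passwords are constructed.
const USERS = new Map([['alice', 's3cret']]); // hypothetical credential store

// Same-origin "logout" URL: keep the page address, swap in userinfo that cannot authenticate.
function logoutUrl(pageUrl, bogusUser = 'logout') {
  const u = new URL(pageUrl);
  u.username = bogusUser;
  u.password = '';
  return u.href;
}

// Authorization header built from a URL's userinfo (RFC 7617: base64 of "user:pass").
function basicHeaderFor(url) {
  const u = new URL(url);
  const pair = `${decodeURIComponent(u.username)}:${decodeURIComponent(u.password)}`;
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

// Parse the header; split at the first colon only, since passwords may contain ':'.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  return i < 0 ? null : { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Comparison whose running time does not depend on where the strings differ.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Server decision: anything but a valid pair gets 401 plus a fresh challenge,
// the response the answers above rely on to displace the cached credentials.
function respond(header) {
  const c = parseBasic(header);
  const ok = c !== null && USERS.has(c.user) && safeEqual(USERS.get(c.user), c.pass);
  return ok
    ? { status: 200, headers: {} }
    : { status: 401, headers: { 'WWW-Authenticate': 'Basic realm="demo"' } };
}

const page = 'http://alice:s3cret@www.example.com/'; // constructed
console.log(respond(basicHeaderFor(page)).status, logoutUrl(page),
  respond(basicHeaderFor(logoutUrl(page))).status);
```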
2

You can remove login information, including the htpasswd authentication requested by Apache, from any single site you want, without having to delete the entire history or login information from all sites:

Firefox: Burger icon (Options) at the top right under X -> Preferences -> Privacy & Security -> Logins and Passwords section -> Saved logins button -> Select from the list the page from which you want to delete login data -> Press the Delete button at the top right

A similar question is here: Firefox not deleting HTTP Basic authentication credentials although being instructed to do so

Destroy666
  • 12,350
Ogi22
  • 21
0

Not sure if this will help anyone else, but in my case I thought that it was a bad password that Firefox was storing when I couldn't access a site with basic HTTP authentication. But it turns out that site was actually using NTLMv1 (Windows version of basic HTTP authentication), which Firefox has now disabled by default since version 30.

To enable it, go to about:config and set the pref network.negotiate-auth.allow-insecure-ntlm-v1 to True.

Firefox does not prompt for password for http authenticated sites, how to make it prompt?

-2

Well, I expire the client's PHPSESSIONID. When you expire it, it will remove it from the client browser. The second step (which I haven't figured out) would be to delete the session cookie on the server side, which would remove the auth state on the server before it times out and would prevent the server from generating a new phpsessionid when it sees this client without the cookie.

    <script type="text/javascript">
        // Expire the session cookie by setting its expiry date in the past.
        document.cookie = "PHPSESSID=;Path=/;expires=Thu, 01 Jan 1970 00:00:01 GMT;";
    </script>
-4

The easiest way is to log out from the site instead of just closing the tab. If this is not an option and you know beforehand you will be visiting a site you want forgotten, you can install Sandboxie and run your Firefox (or any browser) in a sandbox. Delete the contents of the sandbox when done and everything you have done is gone.

Beaner
  • 3,707