Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?
Solution 1
I have same issue. I used to log on to one web site with credentials and now I can't log on using any others. When I log off and try to log on again Chrome puts Authorization header automatically without asking. The site uses local users database (no AD but plain .htpasswd file) and uses Basic authentication.
Already tried cleaning all cookies and saved passwords. No luck. And this happens only on Chrome and only on one PC (on other PCs in Chrome with my Google account it works properly and asks for credenticals after logon)
I've found a workaround for the issue as my main goal was to authenticate as different user. I have run the Fiddler and enabled breakpoints there. So upon request with Authorization header I've forced 401 response and thus made authentication window to appear. Then I've provided necessary credentials and my problem was fixed.
However it doesn't answer the question where those credentials are stored
Solution 2
That site is probably using local storage[1][2] which is like cookies for HTML5.
It has been asked, how to clear the local storage, but unfortunately, Chrome does not currently include local storage in the Clear Browsing Data dialog. In the meantime, you can do it manually by deleting the file(s) corresponding to that site under the Local Storage folder of your User Data Directory.
Related videos on Youtube
16 : 31
11 : 53
02 : 22
03 : 42
03 : 02
TechnicalChaos
Updated on September 18, 2022Comments
-
TechnicalChaos over 1 year
I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials.
I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode.
The web application behaves as expected in Internet Explorer 10.
Some info about the application:
- It's a Sharepoint site using NTLM authentication
- The credentials are Active Directory-based, as the username is domain\username
- My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain.
- The site is running SSL on port 443
Why might Chrome be automatically authenticating me?
-
Max Barraclough almost 4 yearsChrome does not currently include local storage in the Clear Browsing Data dialog Is this still true today? I'm unsure if it's included under 'Cookies and other site data'.
-
Synetech over 3 yearsI stopped using Chrome a few years ago, but I just checked and I honestly can't tell if it does or not. There's nothing in the Clear Browsing Data dialog that mentions local storage, but there is one that says "Site Settings" which I think might be local storage. I suspect Chrome avoids using terms like "local settings" to be "user friendly" (the Chrome devs have a tendency to insist on treating users like mentally-challenged babies, which is part of why I quit using Chrome). The docs don't clarify things either. 🤷
-
Programer Beginner over 3 years@Synetech "file(s) corresponding to that site" - Which file(s) specifically? Which file(s) contain the HTTP authentication details?
-
Synetech over 3 years@ProgramerBeginner, I stopped using Chrome years ago, so I don't know its current system of local-storage. 🤷 Look in the folder and see what you can find. Open them in a hex-editor and see if you can find the login name (the password might be encrypted).
