I encountered a very simple way to coerce a web browser to discard the currently cached HTTP auth credentials. It's so simple, I can't believe I didn't think of it before -- or maybe I did and that memory was overwritten to store some other important information. At any rate, simply add overriding credentials to the URL. For example: https://logout:email@example.com/all-the-secrets/
The request with bogus credentials will cause the browser discard the credentials previously cached and make a request using a HTTP header like Authorization: Basic bG9nb3V0OmxvZ291dA==. The server will respond with a HTTP/1.1 401 Unauthorized, after which valid credentials can be entered. Viola.
Up until perhaps a year ago, I had relied on the Web Developer add-on/extension for this function. Recently, I purged all non-essential browser mods, and this one didn't make the cut.
I'm having a bit of fun creating a stupid linkbait headline.
Posted 6/18/14 @ 10:41 AM by Joseph Lamoree