How to clear basic authentication (HTTP Basic Auth) credentials in Chrome?

Question

I'm working on a site that uses basic authentication. Using Chrome I've logged in using the basic auth. I now want to remove the basic authentication details from the browser and try a different login.

How do you clear the current basic authentication details when using Chrome?

Answer 1

As mentioned by @SalCelli, chrome://restart works. However, this relaunches all the tabs.

Another method is to launch in incognito mode as suggested by CEGRD

However, if you could not like to restart & use incognito, on Chrome 86 (Mac), I found that the answer provided by @opsb & Mike only works with the below additional steps.

1. Enter the wrong username in the url without the path

   eg: if the url is http://mywebsite.com/resources/, it will not work if I enter http://wrong@mywebsite.com/resources/, but will work if I enter only http://wrong@mywebsite.com/.

   1. it clears the Basic Auth credentials
   2. prompts for the credentials again

2. However, entering the valid credentials will not work, as in the background, Chrome still sends the wrong user as part of the url, even though there is correct url in the address bar. When prompted for credentials you need to Cancel, click the address bar and reload the page by pressing Enter. Now enter the correct password.

Answer 2

I'm surprised nobody mentioned this but Basic HTTP authentication credentials can actually be deleted from here: chrome://password-manager/passwords

And then you just need to restart your browser to fix it.

I just tested on Windows 11 running Chrome 124.0.6367.78 and I confirm that it works perfectly.

Answer 3

Server-Side solution

If you'd like to prompt the user to log out, you can simply send an HTTP header with a 401 status code. Here's how you can do it:

WWW-Authenticate: Basic realm="401"

Optionally, you can include a meta-refresh in the HTTP response body to redirect users back to the main page after logging out:

Authentication required!<meta http-equiv="refresh" content="5; url=/">

(where / is your main page and 5 is 5 seconds delay)

Client-Side solution

To clear the saved Basic Auth credentials, you can send a new AJAX request to the server with the following steps:

1. Set up an HTTP header for Basic Auth, like so:

xmlHttpRequest.setRequestHeader("Authorization","Basic LTop")

Here, "LTop" is a Base64-encoded string that may contain invalid authentication data. 2. Prepare the URL: take your complete URL, including the protocol, domain, and path, and insert a new authentication part between the protocol and domain. For instance, if your domain is https://yourdomain.com, the prepared URL would be https://-:)@yourdomain.com.

After sending this request, the browser should forget the old credentials, allowing you to refresh the page.

Alternate Solution #1

An alternative approach is to close all of your browser tabs and windows, then reopen the browser. This should trigger the authentication prompt again.

Alternate solution #2

Another option is to use an incognito window. However, this won't work if you've already logged in via an existing incognito window. In that case, close all incognito windows and then open a new one.

Answer 4

The only thing that worked for me was to add a route to my application that logs the user out and returns a 401 Http error.

In Laravel, this looked like

    Route::get('/clearbasic', function() {
        auth()->logout();
        abort(401);
    });

I can load this route and next access to the regular routes are prompted for the basic credentials.

Answer 5

From this answer, I worked out I could open Chrome Dev Tools (Ctrl+Shift+I), and paste the following into the console:

{
    const str = location.origin.replace("http://", "http://" + new Date().getTime() + "@");
    let xmlhttp;
    if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
    else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4) location.reload();
    }
    xmlhttp.open("GET",str,true);
    xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6")
    xmlhttp.send();
}

The page will refresh, and the credentials will be cleared.

Answer 6

In my case (Win Chrome v100) it worked when using https://@domain.com to delete the credentials. Verify in the dev tools and querying document.URL.

Answer 7

This is a quick trick. For example you already input basic auth to url https://example.com by user1:password1. To clear it just open new tab then:

Goto: https://any:any@example.com then your password will be removed.

any:any is any string.

Answer 8

Weirdest thing, but in my case, I was trying to access a page with basic auth and Chrome was sending invalid credentials without even prompting for it. After I logged out from my LastPass plugin, everything was back to normal. So I think LastPass is starting to support Basic Auth but it's not giving the option of what password to use, it looks like it's just sending a random password for a domain that matches (which is very problematic in my case).

Thought it might help someone.

Answer 9

I was using LastPass password manager, deleting credentials in LastPass solved the issue.

Answer 10

1. Right click on your Bookmark Bar -> Add Page...
2. Set the name as Logout Basic Auth
3. Set the URL as:

javascript: (function() {
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.onreadystatechange = function() {
        if (xmlhttp.readyState == 4) {
            location.reload()
        }
    };
    xmlhttp.open("GET", location.origin, true);
    xmlhttp.setRequestHeader("Authorization", "Basic aW52YWxpZDoK");
    xmlhttp.send();
    return false;
})()

4. On any webpage you need to logout of Basic Auth, click the bookmark.

Answer 11

I am using Chrome Version 83 and this is how I did it. Before following the steps make sure the tab of the site, whose Auth Details you want to delete is closed.

First, go to Settings >> Privacy and security.

Then click on Site settings option

Then click on View permissions and data stored across sites option

Search for the site whose Auth info you want to delete. In this example, I am using Stack Overflow.

Now click on the site and then click the Clear data button.

Now restart your browser and you will be asked for a fresh login. For restarting you can type chrome://restart in the address bar.

Answer 12

For Windows 10: What worked for me was clearing the credentials in the Windows Credentials in the Credential Manager.

Answer 13

Just do

https://newUsername:newPassword@example.com

...to override your old credentials.

Answer 14

I'm using Chrome 75. What I've found is that restarting Chrome doesn't work. But restarting Chrome AND opening the developer tools does work. I don't have any explanation why this should be.

Answer 15

1. Press the key combination Ctrl+Shift+Delete

2. You will see popup in chrome

3. Check the above options and click clear data and you are done.

Answer 16

For Chrome 66 I found the relevant option under:

1. Top right ... menu -> More Tools -> Clear Browsing Data
2. Click the "Advanced" tab
3. Check the "Passwords" box (and uncheck others you don't want cleared)
4. Click "Clear Data"

Using a new Incognito window is probably easier, but for those times you forget and want to clear the saved password, this does the trick without having to restart Chrome (which also works)

Answer 17

This isn't exactly what the question is asking for but in case you accidentally saved basic auth credentials and want to clear them or update them:

https://support.google.com/accounts/answer/6197437

1. Open Chrome.
2. At the top right, click More > and then Settings.
3. At the bottom, click Advanced.
4. Under "Passwords and forms," click Manage passwords.
5. Under "Saved Passwords", click Remove on the site you want to clear saved basic auth credentials.

Steps 1-4 can be quickly navigated with this link: chrome://settings/passwords

This worked in Chrome Version 59.0.3071.115

Answer 18

There is no way to do this in Chrome as yet (Chrome 58)

I have found the best solution is to open the url in an Incognito window, which will force you to re-enter the basic authentication credentials.

When you want to change the credentials, close the Incognito window and launch another Incognito window.

Answer 19

The authentication is cleared when you exit Chrome.

Note however, that by default Chrome is running apps in the background, so it may not really exit even if you close all Chrome windows. You can either change this behavior under advanced setting, or e.g. under Windows, you can completely exit Chrome by using the Chrome icon in the systray. There should be an icon if Chrome is still running, but maybe you'll find it only in the popup with the hidden icons. The context menu of the Chrome icon has an entry to completely exit Chrome, and you can also change the setting for running apps in the background using that menu.

1. Open the Chrome menu
2. Select Settings
3. Scroll to the bottom
4. Click Show advanced settings...
5. Scroll to the bottom
6. Under System uncheck the box labeled:
   Continue running background apps when Google Chrome is closed

Answer 20

It seems chrome will always show you the login prompt if you include a username in the url e.g.

http://me@example.com

This is not a real full solution, see Mike's comment below.

Answer 21

In Chrome, on the right-hand side of the URL bar when you are at a password protected URL, you should see a small key symbol. Click the symbol and it will take you directly to the Password Management area where you can remove the entry. That will ensure you receive future prompts or have an opportunity to enter a new password and save it.

If you do not see the key symbol, that same Password Management area can be accessed by going to Chrome -> Settings -> Passwords and forms -> Manage Passwords. Or more simply, this URL – chrome://settings/passwords.

Answer 22

all you need to do is to type chrome://restart in the address bar and chrome, with all its apps that are running in background, will restart and the Auth password cache will be cleaned.

Answer 23

You can open an incognito window Ctrl+Shift+n each time you are doing a test. The incognito window will not remember the username and password the last time you entered.

To use this trick, make sure to close all incognito windows. All incognito windows share the same cache. In other words, you cannot open multiple independent incognito windows. If you login in one of them and open another one, those two are related and you will see that the new window remembers the authentication information from the first window.

Answer 24

Things changed a lot since the answer was posted. Now you will see a small key symbol on the right hand side of the URL bar.
Click the symbol and it will take you directly to the saved password dialog where you can remove the password.

Successfully tested in Chrome 49

Answer 25

A lot of great suggestions here, I'll give the one that I found the most efficient:

Just change your password in the site. The old authentication will became outdated and Chrome will request it again.

Since I had a terminal open, I did a simple script to change the password and in two keypresses it were incremented.

Answer 26

Chrome uses the same Internet Options as IE.

Try opening your Internet Options and removing the URL from "Trusted Sites." This should regenerate a 401 call for credentials when you restart the browser and visit the URL again.

You may need to remove it from "Intranet Sites" as well.

Answer 27

function logout(url){
    var str = url.replace("http://", "http://" + new Date().getTime() + "@");
    var xmlhttp;
    if (window.XMLHttpRequest) xmlhttp=new XMLHttpRequest();
    else xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    xmlhttp.onreadystatechange=function()
    {
        if (xmlhttp.readyState==4) location.reload();
    }
    xmlhttp.open("GET",str,true);
    xmlhttp.setRequestHeader("Authorization","Basic YXNkc2E6")
    xmlhttp.send();
    return false;
}

Answer 28

May be old thread but thought of adding answer to help others.

I had the same issue with Advanced ReST Client App, I'm not able to clear basic authentication from Chrome neither from app. It simply stopped asking for credentials!

However, I managed to make it work by relaunching Chrome using About Google Chrome -> Relaunch.

Once Chrome is relaunched, when I accessed ReST service, it will ask for user name and password using basic authentication popup.

Hope this helps!

Answer 29

You can also do it via the settings page, chrome://chrome/settings

• Under The Hood
• Advanced Settings
• Passwords and Forms

Then click the link Manage saved passwords.

Answer 30

You should be able to clear your credentials from your browser via "Clear Browsing Data..." in chrome://settings/advanced