New issue
Advanced search Search tips

Issue 914552 link

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Dec 17
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Auth Basic Logout No Longer Works via XMLHttpRequest

Reported by miqrogro...@gmail.com, Dec 12

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Create an Auth Basic session.
2. Create a non-accessible URL like /logout.txt
3. 
var request = new XMLHttpRequest();
request.open("get", "/logout.txt", false, "false", "false");
request.send();

What is the expected behavior?
User should be unable to continue the session without providing credentials.

What went wrong?
Chrome 70 and 71 behave as if nothing happened.  The Auth Basic session is not logged out.

Did this work before? Yes Unsure.. maybe tested this a year ago.

Chrome version: 71.0.3578.98  Channel: stable
OS Version: 10.0
Flash Version:
 
Cc: pbomm...@chromium.org
Labels: Needs-Triage-M71 Needs-Feedback
 miqrogroove@ if possible can you please provide a test URL for faster triage of the bug.
Components: Internals>Network>Auth
Could you also attach a NetLog per these instructions? Thanks!
https://www.chromium.org/for-testers/providing-network-details
I will work on that now.

To be extra clear, the problem is not limited to XMLHttpRequest.  I can reproduce the same problem by requesting any non-accessible URL.  Chrome correctly prompts me for credentials, but fails to clear the old credentials.  I can therefore continue to any other accessible URL as if the authentication error never occurred.  :(
Project Member

Comment 4 by sheriffbot@chromium.org, Dec 14

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Needs more testing.  I forgot there are some nuances when both auth basic and certificate authentication are enabled.

I'll be back...
Please close this as invalid.

Chrome is behaving as expected when I do not select a client certificate.  As for how to break the certificate session, I need to research that separately.
Components: -Blink
Cc: phanindra.mandapaka@chromium.org
Labels: Triaged-ET
Status: WontFix (was: Unconfirmed)
As per comment #6 we are closing this issue as Won't fix.
@Reporter: Please feel to raise a new issue if issue is seen in future.

Thanks..!

Sign in to add a comment