New issue
Advanced search Search tips

Issue 914552 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 17
Cc:
pbomm...@chromium.org
phanindra.mandapaka@chromium.org
asanka@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Auth Basic Logout No Longer Works via XMLHttpRequest

Reported by miqrogro...@gmail.com, Dec 12 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce the problem:
1. Create an Auth Basic session.
2. Create a non-accessible URL like /logout.txt
3. 
var request = new XMLHttpRequest();
request.open("get", "/logout.txt", false, "false", "false");
request.send();

What is the expected behavior?
User should be unable to continue the session without providing credentials.

What went wrong?
Chrome 70 and 71 behave as if nothing happened.  The Auth Basic session is not logged out.

Did this work before? Yes Unsure.. maybe tested this a year ago.

Chrome version: 71.0.3578.98  Channel: stable
OS Version: 10.0
Flash Version:

Comment 1 by pbomm...@chromium.org, Dec 12

Cc: pbomm...@chromium.org
Labels: Needs-Triage-M71 Needs-Feedback
 miqrogroove@ if possible can you please provide a test URL for faster triage of the bug.

Comment 2 by davidben@chromium.org, Dec 14

Components: Internals>Network>Auth
Could you also attach a NetLog per these instructions? Thanks!
https://www.chromium.org/for-testers/providing-network-details

Comment 3 by miqrogro...@gmail.com, Dec 14 

I will work on that now.

To be extra clear, the problem is not limited to XMLHttpRequest.  I can reproduce the same problem by requesting any non-accessible URL.  Chrome correctly prompts me for credentials, but fails to clear the old credentials.  I can therefore continue to any other accessible URL as if the authentication error never occurred.  :(
Project Member

Comment 4 by sheriffbot@chromium.org, Dec 14

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by miqrogro...@gmail.com, Dec 14 

Needs more testing.  I forgot there are some nuances when both auth basic and certificate authentication are enabled.

I'll be back...

Comment 6 by miqrogro...@gmail.com, Dec 14 

Please close this as invalid.

Chrome is behaving as expected when I do not select a client certificate.  As for how to break the certificate session, I need to research that separately.

Comment 7 by tkent@chromium.org, Dec 17

Components: -Blink

Comment 8 by phanindra.mandapaka@chromium.org, Dec 17

Cc: phanindra.mandapaka@chromium.org
Labels: Triaged-ET
Status: WontFix (was: Unconfirmed)
As per comment #6 we are closing this issue as Won't fix.
@Reporter: Please feel to raise a new issue if issue is seen in future.

Thanks..!

Sign in to add a comment