Simple Trick Experts Don't Want You To Know

I encountered a very simple way to coerce a web browser to discard the currently cached HTTP auth credentials. It's so simple, I can't believe I didn't think of it before -- or maybe I did and that memory was overwritten to store some other important information. At any rate, simply add overriding credentials to the URL. For example: https://logout:logout@secure.mcdonalds.com/all-the-secrets/

The request with bogus credentials will cause the browser discard the credentials previously cached and make a request using a HTTP header like Authorization: Basic bG9nb3V0OmxvZ291dA==. The server will respond with a HTTP/1.1 401 Unauthorized, after which valid credentials can be entered. Viola.

Up until perhaps a year ago, I had relied on the Web Developer add-on/extension for this function. Recently, I purged all non-essential browser mods, and this one didn't make the cut.

I'm having a bit of fun creating a stupid linkbait headline.