HTTP Basic Auth and the Browser
Mar 24, 2024
❯
Today I remembered that it's not possible to traditionally log out of a website if HTTP basic authentication is used to login.
Basic auth credentials are transmitted with each and every request by the browser. Hence why you cannot traditionally log out without closing the browserAs soon as the browser prompts for credentials and the user logs in, those credentials are cached sent with every subsequent request until the browser is closed or restarted. The more you know ✨