Why does Safari retain login information after clearing cookies and history, even after full reset?

4

Safari appears to retain login information, site preferences, or cookies even after clearing history, cache, cookies, etc. I even tried Reset Safari..., which I understand should restore Safari to its original state retaining no history, etc. Plus, I set the default page to be an Empty Page. Despite all this, it appears that at least StackExchange still recognizes me and is able to re-login automatically with my credentials.

Give it a try yourself. Log in to a stackexchange site... say superuser.com, then without clicking the logout button, visit another site. Now do all of the above to Safari, Empty Cache... Reset Safari... go into preferences -> Security and clear all cookies, then adjust preferences to start up on an Empty Page, heck, shut down Safari and restart your computer. Now, relaunch Safari. It should start up on an empty page. Now visit superuser.com... wait for it... tadda! Superuser.com recognizes you and logs you in!! This is unexpected behavior and different from any other browser. One would expect that clearing cookies would have been enough to require that you re-enter login information.

So, what's up here? Doesn't this hint that despite clearing privacy information, sites can still recognize and thus "follow" you by some other means... or that Safari simply isn't doing what you ask it to do, clear cookies and cache?

Michael Prescott

Posted 2011-05-16T15:15:57.063

Reputation: 3 351

Check your keychains in /Applications/Utilities/Keychain Access.app and look for entries related to the web site in question. – Daniel Beck – 2011-05-16T15:52:33.977

Thanks, good idea. I cleared all internet passwords from Keychain Access. Also cleared something called Safari Form for good measure though I doubt it is related. I did notice that only a few sites, which I recall explicitly storing in the keychain were listed. Anyhow, after doing that I reset Safari and like magic, it still automatically logs into stackexchange sites. There is no doubt that it has stored the site login somewhere besides in the cookies or keychain and expected menu items are not clearing it. – Michael Prescott – 2011-05-16T18:17:17.560

Have you checked your Flash cookies? – Daniel Beck – 2011-05-16T18:28:56.697

Damn. I was so close ;) – Daniel Beck – 2011-05-16T18:45:23.237

Answers

2

Because the site is taking advantage of a feature in newer browsers called HTML5 LocalStorage.

I discovered this when I pulled out my old proxy and started watching the traffic. Turns out the authentication is happening with stackauth.com instead of my preferred openID site. Just curious, I visited the url and found the answer there.... StackExchange is using HTML5 LocalStorage! SWEET! Now apparently Firefox also supports HTML5 LocalStorage, but I'm betting that when you tell Firefox to clear history, cache, etc. it probably clears the localstorage data. Safari on the other hand doesn't seem to offer such respect. Here's a guy telling how to clear its localstorage: http://dotclue.org/archives/003639.html

Michael Prescott

Posted 2011-05-16T15:15:57.063

Reputation: 3 351
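
The behaviour described in this answer can be reproduced with a small model. This is an added example, not code from the original post or from Stack Exchange: it shows one way a site can recognize a returning browser after cookies are cleared when a token also sits in localStorage. `MemoryStorage`, `Profile`, the origin `https://auth.example`, the key `authToken` and the token value are all constructed assumptions.

```javascript
// Constructed model: cookies and localStorage are separate per-origin stores.
// MemoryStorage stands in for window.localStorage so this runs in Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  get length() { return this.items.size; }
}
class Profile {
  constructor() { this.cookies = new Map(); this.local = new Map(); }
  cookieJar(origin) {
    if (!this.cookies.has(origin)) this.cookies.set(origin, new Map());
    return this.cookies.get(origin);
  }
  localStorage(origin) {
    if (!this.local.has(origin)) this.local.set(origin, new MemoryStorage());
    return this.local.get(origin);
  }
  clearCookies() { this.cookies.clear(); }      // cookie-only clearing
  clearAllSiteData() { this.cookies.clear(); this.local.clear(); }
  // Audit helper: origins that still hold localStorage entries.
  originsWithLocalData() {
    return [...this.local].filter(([, s]) => s.length > 0).map(([o]) => o);
  }
}
const ORIGIN = "https://auth.example";          // placeholder origin
// Hypothetical site logic: remember the login in both stores.
function login(profile, token) {
  profile.cookieJar(ORIGIN).set("session", token);
  profile.localStorage(ORIGIN).setItem("authToken", token);
}
// Hypothetical site logic: fall back to localStorage when the cookie is gone.
function recognise(profile) {
  const jar = profile.cookieJar(ORIGIN);
  if (jar.has("session")) return { token: jar.get("session"), via: "cookie" };
  const saved = profile.localStorage(ORIGIN).getItem("authToken");
  if (saved === null) return null;
  jar.set("session", saved);                    // cookie silently re-created
  return { token: saved, via: "localStorage" };
}
function demo() {
  const p = new Profile();
  login(p, "constructed-token-123");
  p.clearCookies();
  const afterCookies = recognise(p);            // still recognised
  const leftovers = p.originsWithLocalData();   // what the clearing missed
  p.clearAllSiteData();
  return { afterCookies, leftovers, afterFull: recognise(p) };
}
console.log(demo());
```

In a real browser the same check can be made from the developer console on the site's own origin: `localStorage.length` shows whether anything remains, and `localStorage.clear()` removes it for that origin.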