Proxy session control via username change seems to be too difficult

[Jakob]

It is common practice for proxy companies to use session IDs inside the proxy user credential string to provide session control and keep the same IP for multiple requests.

Quick example using an Oxylabs proxy (one of the biggest proxy networks):

Host and port are static: "pr.oxylabs.io:7777"

The proxy user credentials are dynamic: "customer-USERNAME-sessid-randomString123:PASSWORD"

Switching the "randomString123" in front of the "sessid" changes your session and with that also your IP.

Now here comes the problem with using these proxy sessions inside your chrome extension:

Once you set your proxy via "chrome.proxy.settings.set" and submit your user credentials via "chrome.webRequest.onAuthRequired.addListener" Chrome will no longer ask for new user credentials. It saves your user credentials/session ID/IP for the currently set proxy host and keeps using them.

How do we force a re-authentication of the proxy so we can submit a new username and switch our session/IP?

Here's all the possible solutions I found:

1. Setting your proxy again via "chrome.proxy.settings.set" won't force a re-authentication because the host is the same. But you could modify the host a bit for example by putting a dot at the very end "pr.oxylabs.io" -> "pr.oxylabs.io.". I don't think many modifications here are possible though and Chrome will save your credentials for each one of them again anyway.
2. You can force a re-authentication for a domain by deleting all cookies from that domain via "chrome.browsingData.removeCookies". But this solution is obviously very impractical because cookies are very important.
3. From some people I heard you could restart your "chrome.webRequest.onAuthRequired.addListener" to force a re-authentication. This somehow didn't work for me and it also leaves a lot of room for errors.
4. You can force a re-authentication for a domain by deleting stored password data via "chrome.browsingData.removePassword". You don't have to clear all password data but only the one since your last proxy authentication. This wouldn't be a totally bad solution. Deleting your password data to get rid of your last set proxy password makes sense but there's one huge downside to this: Doing this somehow cancels all currently ongoing network requests. Websites freeze while loading and don't really handle it very well.

I wasn't able to find any more solutions. If you know another solution please let me know.

So far for me it looks like there's not a single proper lightweight solution to force a proxy re-authentication in order to do what basically all major proxy providers make use of: Controlling your session via the username string.

It would be really useful if we could have a "chrome.proxy" method to delete our currently saved proxy authentication details.

Let me know what you think or if you have any questions.

[hrg...@gmail.com]

What happens if you submit a wrong username and/or password?

Does the browser still saves them and reuse them?

If it does, then this could be filed as a bug because there has to be a way for the user to correct a mistake.