Note that 'active logins' apply to servers that use basic HTTP authentication. Website normally use a cookie to store a session ID that is send to the server to authenticate you. Such a cookie can be stored in cookies.sqlite if this cookie is a persistent cookie and not a session cookie that expires automatically.

• https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

> Note that 'active logins' apply to servers that use basic HTTP authentication. > Website normally use a cookie to store a session ID that is send to the server to authenticate you.

I'm not quite sure how exactly the logon/logoff the service is carried out, but as soon as I clear the history with the 'active logins' ticked I'm truly logged off the service. I can see cookies being involved but if I clear all of them + site data I'm still not logged out until browser is closed and reopened..

Here is a bit more info on what I'm facing.

I want to use a service (SP) that uses SAML SSO with ADFS (IDP) setup by the IT. Once I visit the SP web page I need to authenticate in order to see any content. I get redirected to IDP server and am presented with a browser based login form (see attachment). As soon as I provide credentials I'm redirected back to SP and allowed to browse the pages. When I log out it looks like I'm logged out but as soon as I visit the same SP page, that earlier redirected me to provide credentials on IDP, I get in and I'm logged in without as if I had not logged out at all.

I do not like that - I want to really log out of the SP and then presented with the login form again.

The only way to get really logged out is first logging out and then closing the browser. Not really an option for me; I do not want to be closing browser to log out of a service.

Hence I'm looking for ways to be logged out without browser restart and trying to understand what is actually happening under the hood with, as it looks like, credentials being pulled out of nowhere after performing logout.

Coming back to the initial question since, the response from the server initially gives 401 status and has "WWW-Authenticate: Negotiate NTLM" that led me to think that basic authentication has something to do with this. I've been reading about the matter since and am now a bit more informed.

Even if my goal can not be achieved by just doing client side things I would like to understand better how the whole process plays out (might even consider suggesting to IT to look into this if it is server side solution related).

Given everything that was said; Are active logins saved in a file or are they just something kept in memory until the browser is shut down?