Forget me, Gmail!
May 26, 2017 3:38 PM Subscribe
Gmail's new login no longer seems to have the option to completely log me out. How can I fix that?
Gmail recently switched to a new login screen (I don't know if it's been pushed out all at once or piecemeal, but it showed up today for me). The older version had an option as you were logging in to check a box to prevent gmail from remembering anything about your login (mainly, your username). That way, when I logged out, but stayed on the login start page, I would have to re-enter both my username and password, and also if I closed my browser and reopened it to gmail, I would still have to enter in both my username and password.
On this new version, I can skirt around the issue after logging out by clicking the down arrow next to my name and selecting "use another account," but if I close my browser and reopen it to gmail.com, my name (and email address and picture) shows up already filled in and ready for my password.
I want to remove that completely, so that every single time I want to log in to gmail, I have to enter in my username and password.
I'm hoping this is an easy fix. I tried looking in their new help files for this new login, but did not see an option for what I want. I suspect I could set up my browser to delete all cookies every time I close it, but that's not my preference.
If it matters, I use Windows (7 at home, 10 at work) and Chrome.
Gmail recently switched to a new login screen (I don't know if it's been pushed out all at once or piecemeal, but it showed up today for me). The older version had an option as you were logging in to check a box to prevent gmail from remembering anything about your login (mainly, your username). That way, when I logged out, but stayed on the login start page, I would have to re-enter both my username and password, and also if I closed my browser and reopened it to gmail, I would still have to enter in both my username and password.
On this new version, I can skirt around the issue after logging out by clicking the down arrow next to my name and selecting "use another account," but if I close my browser and reopen it to gmail.com, my name (and email address and picture) shows up already filled in and ready for my password.
I want to remove that completely, so that every single time I want to log in to gmail, I have to enter in my username and password.
I'm hoping this is an easy fix. I tried looking in their new help files for this new login, but did not see an option for what I want. I suspect I could set up my browser to delete all cookies every time I close it, but that's not my preference.
If it matters, I use Windows (7 at home, 10 at work) and Chrome.
Maybe block cookies for the Gmail site? (Or set your browser to erase cookies after each session, if totally blocking them causes problems.)
posted by Umami Dearest at 7:42 PM on May 26, 2017
posted by Umami Dearest at 7:42 PM on May 26, 2017
Use the down arrow and choose "sign out of all accounts."
posted by Oyéah at 9:25 PM on May 26, 2017 [1 favorite]
posted by Oyéah at 9:25 PM on May 26, 2017 [1 favorite]
Incognito/inPrivate/Private window mode. It requires the discipline to do that before logging in (but then checking the box on the old login screen did too) but it works on any machine with at most a couple of clicks.
And there are extensions to go incognito automatically for specific sites so you wouldn't even have to remember on your own machine.
posted by Mitheral at 9:44 PM on May 26, 2017 [1 favorite]
And there are extensions to go incognito automatically for specific sites so you wouldn't even have to remember on your own machine.
posted by Mitheral at 9:44 PM on May 26, 2017 [1 favorite]
I suspect I could set up my browser to delete all cookies every time I close it, but that's not my preference.
For me, this issue matters because it messes with KeePass, my preferred password manager. KeePass works by sending a fixed set of simulated keypresses to the browser, and if the browser isn't expecting the same things every time then that doesn't work.
Telling the browser not to remember login credentials on its own is enough to deal with 99% of sites but not Google, oh no, they're special.
I've dealt with it in Firefox by using right-click -> View Page Info -> Permissions on the Google sign-in page, and changing Set Cookies from Use Default to Allow For Session. That means that I get logged out of Google every time I close the browser, which is what I want for KeePass, but it doesn't affect other sites like MeFi whose cookies I would rather see persist across sessions.
If you want more explicit control than that, you can add a bookmarklet to your BookMarks Toolbar that kills all the current page's cookies when you click it, and use that instead of GMail's inbuilt Logout. Here's one from Timothy Brady that looks like it will do the job.
posted by flabdablet at 5:09 AM on May 27, 2017 [1 favorite]
For me, this issue matters because it messes with KeePass, my preferred password manager. KeePass works by sending a fixed set of simulated keypresses to the browser, and if the browser isn't expecting the same things every time then that doesn't work.
Telling the browser not to remember login credentials on its own is enough to deal with 99% of sites but not Google, oh no, they're special.
I've dealt with it in Firefox by using right-click -> View Page Info -> Permissions on the Google sign-in page, and changing Set Cookies from Use Default to Allow For Session. That means that I get logged out of Google every time I close the browser, which is what I want for KeePass, but it doesn't affect other sites like MeFi whose cookies I would rather see persist across sessions.
If you want more explicit control than that, you can add a bookmarklet to your BookMarks Toolbar that kills all the current page's cookies when you click it, and use that instead of GMail's inbuilt Logout. Here's one from Timothy Brady that looks like it will do the job.
posted by flabdablet at 5:09 AM on May 27, 2017 [1 favorite]
As you were. I just tested that against Google's current sign-in page and they do indeed seem to have made a recent change that screws it up. Bastards!
BRB. Researching.
posted by flabdablet at 5:16 AM on May 27, 2017
BRB. Researching.
posted by flabdablet at 5:16 AM on May 27, 2017
Why the page changed
The new sign-in page:
Has a cleaner, simpler look.
Makes the sign-in process faster.
Is consistent across computers, phones, and tablets.
...which is a flat lie, because it doesn't make the sign-in process faster at all: my old KeePass auto-type sequence for Gmail was {USERNAME}{ENTER}{DELAY 2000}{PASSWORD}{TAB}{TAB}{SPACE} but these new sign-in arrangements need at least {DELAY 4000} to avoid the password getting lost during page change. So this is yet another pointless irritating workflow-breaking Google UI change for the sake of pure cosmetics. I am so glad I jumped ship to Fastmail for my day-to-day email account.
And where the hell are they remembering my Google username, if not in a cookie? Still researching.
posted by flabdablet at 5:23 AM on May 27, 2017
The new sign-in page:
Has a cleaner, simpler look.
Makes the sign-in process faster.
Is consistent across computers, phones, and tablets.
...which is a flat lie, because it doesn't make the sign-in process faster at all: my old KeePass auto-type sequence for Gmail was {USERNAME}{ENTER}{DELAY 2000}{PASSWORD}{TAB}{TAB}{SPACE} but these new sign-in arrangements need at least {DELAY 4000} to avoid the password getting lost during page change. So this is yet another pointless irritating workflow-breaking Google UI change for the sake of pure cosmetics. I am so glad I jumped ship to Fastmail for my day-to-day email account.
And where the hell are they remembering my Google username, if not in a cookie? Still researching.
posted by flabdablet at 5:23 AM on May 27, 2017
OK. They're still using cookies, but those cookies have the HttpOnly attribute set, which means that Javascript (including bookmarklets) can't see or modify or remove them.
Firefox extensions can, apparently: after installing Remove Cookie(s) For Site and using Customize to add its cookie icon to a toolbar, clicking that at the Google login page does indeed make it forget who I am (though you have to reload the page to make that fact apparent).
There's a RemoveCookiesForSite add-on available for Chrome that I would try as well, if I were currently sitting at a computer with Chrome on it. OP, perhaps you could install that and report back?
posted by flabdablet at 6:05 AM on May 27, 2017 [1 favorite]
Firefox extensions can, apparently: after installing Remove Cookie(s) For Site and using Customize to add its cookie icon to a toolbar, clicking that at the Google login page does indeed make it forget who I am (though you have to reload the page to make that fact apparent).
There's a RemoveCookiesForSite add-on available for Chrome that I would try as well, if I were currently sitting at a computer with Chrome on it. OP, perhaps you could install that and report back?
posted by flabdablet at 6:05 AM on May 27, 2017 [1 favorite]
As a Web developer who has to clear cookies a lot to test things, I use the EditThisCookie extension a lot. Just click on the cookie icon, then the trash can. Boom, your cookies for the current domain are gone (even "HttpOnly" ones!).
And where the hell are they remembering my Google username, if not in a cookie?
The LocalStorage API can be used in place of cookies, with the disadvantage of being inaccessible without using Javascript.
posted by neckro23 at 6:56 AM on May 27, 2017 [2 favorites]
And where the hell are they remembering my Google username, if not in a cookie?
The LocalStorage API can be used in place of cookies, with the disadvantage of being inaccessible without using Javascript.
posted by neckro23 at 6:56 AM on May 27, 2017 [2 favorites]
Response by poster: There's a RemoveCookiesForSite add-on available for Chrome that I would try as well, if I were currently sitting at a computer with Chrome on it. OP, perhaps you could install that and report back?
I tried a couple of the suggestions listed here (kind of all at once, so I may be a little confused on which action did what). I installed the RemoveCookiesForSite, which sort of seems to work. If I click the extension before signing out, then sign out, it doesn't seem to do anything. If I sign out, then click the extension, then refresh the page, it works. Refreshing seems to be key.
I also tried Incognito mode, which didn't seem to do anything different from the regular browser, especially when used in conjunction with the RemoveCookiesForSite.
Use the down arrow and choose "sign out of all accounts."
This wasn't an option (as written in one step) for me. However, I could click the down arrow, click "Remove an account," select my name, confirm yes that I want to remove, and that would remove it. 4 more steps than I'd prefer, but yes, it's an option.
A new hiccup arose, however, probably because all of the cookies being removed: Removing Google's ability to remember my username means that I need to do my 2-step authentication every time I log in now. I guess that makes sense, but it certainly makes this log in process more complicated rather than less. Is there any workaround for the browser remembering me just enough so I don't need to authenticate myself every time, but not remembering my user name? I suspect no, but am hopeful.
posted by lea724 at 7:53 AM on May 29, 2017
I tried a couple of the suggestions listed here (kind of all at once, so I may be a little confused on which action did what). I installed the RemoveCookiesForSite, which sort of seems to work. If I click the extension before signing out, then sign out, it doesn't seem to do anything. If I sign out, then click the extension, then refresh the page, it works. Refreshing seems to be key.
I also tried Incognito mode, which didn't seem to do anything different from the regular browser, especially when used in conjunction with the RemoveCookiesForSite.
Use the down arrow and choose "sign out of all accounts."
This wasn't an option (as written in one step) for me. However, I could click the down arrow, click "Remove an account," select my name, confirm yes that I want to remove, and that would remove it. 4 more steps than I'd prefer, but yes, it's an option.
A new hiccup arose, however, probably because all of the cookies being removed: Removing Google's ability to remember my username means that I need to do my 2-step authentication every time I log in now. I guess that makes sense, but it certainly makes this log in process more complicated rather than less. Is there any workaround for the browser remembering me just enough so I don't need to authenticate myself every time, but not remembering my user name? I suspect no, but am hopeful.
posted by lea724 at 7:53 AM on May 29, 2017
Best answer: I installed the RemoveCookiesForSite, which sort of seems to work. If I click the extension before signing out, then sign out, it doesn't seem to do anything. If I sign out, then click the extension, then refresh the page, it works. Refreshing seems to be key.
That's pretty much the expected behaviour. RemoveCookiesForSite kills cookies belonging to the site whose page is currently open, which would be mail.google.com while you're actually logged in to Gmail. However, the cookie you actually want to kill belongs to accounts.google.com, which is where Google takes you after signing out or before signing in.
Clicking the extension while on accounts.google.com is the step that actually does the forgetting, but just killing a cookie makes no visible changes to the page your browser has already rendered so you won't actually see that you've been forgotten until that page gets reloaded. Refreshing does that, but you'll also find that if you click the cookie, then close the browser without refreshing, you will indeed be prompted for your username next time you go to sign in.
Is there any workaround for the browser remembering me just enough so I don't need to authenticate myself every time, but not remembering my user name? I suspect no, but am hopeful.
The specific accounts.google.com cookie responsible for remembering your username appears to be named ACCOUNT_CHOOSER. There's only one other accounts.google.com cookie left behind after doing a normal Gmail signout as far as I can see, and its name is GAPS. Various other Google domains also leave GAPS cookies behind. My best guess is that GAPS stands for Google Authenticator Psomething Something, and that there is indeed a moderately good chance that if you find a way to remove ACCOUNT_CHOOSER but leave GAPS in place then your 2FA won't re-trigger.
On Firefox there's an intricate little dance that starts with right-click -> Page Info that lets you do that and I would expect Chrome to have something similar, but it's not quick. I've verified that simply removing ACCOUNT_CHOOSER is indeed enough to get the username prompt back, but I don't use 2FA with my Gmail account because KeePass, and I don't currently have access to Chrome either.
Perhaps you might want to investigate whether you have some tolerably short set of steps available via the EditThisCookie extension that neckro23 recommended? If not, perhaps my next project is learning how to write a Chrome extension and implementing ForgetMeGoogle.
posted by flabdablet at 7:55 PM on May 29, 2017
That's pretty much the expected behaviour. RemoveCookiesForSite kills cookies belonging to the site whose page is currently open, which would be mail.google.com while you're actually logged in to Gmail. However, the cookie you actually want to kill belongs to accounts.google.com, which is where Google takes you after signing out or before signing in.
Clicking the extension while on accounts.google.com is the step that actually does the forgetting, but just killing a cookie makes no visible changes to the page your browser has already rendered so you won't actually see that you've been forgotten until that page gets reloaded. Refreshing does that, but you'll also find that if you click the cookie, then close the browser without refreshing, you will indeed be prompted for your username next time you go to sign in.
Is there any workaround for the browser remembering me just enough so I don't need to authenticate myself every time, but not remembering my user name? I suspect no, but am hopeful.
The specific accounts.google.com cookie responsible for remembering your username appears to be named ACCOUNT_CHOOSER. There's only one other accounts.google.com cookie left behind after doing a normal Gmail signout as far as I can see, and its name is GAPS. Various other Google domains also leave GAPS cookies behind. My best guess is that GAPS stands for Google Authenticator Psomething Something, and that there is indeed a moderately good chance that if you find a way to remove ACCOUNT_CHOOSER but leave GAPS in place then your 2FA won't re-trigger.
On Firefox there's an intricate little dance that starts with right-click -> Page Info that lets you do that and I would expect Chrome to have something similar, but it's not quick. I've verified that simply removing ACCOUNT_CHOOSER is indeed enough to get the username prompt back, but I don't use 2FA with my Gmail account because KeePass, and I don't currently have access to Chrome either.
Perhaps you might want to investigate whether you have some tolerably short set of steps available via the EditThisCookie extension that neckro23 recommended? If not, perhaps my next project is learning how to write a Chrome extension and implementing ForgetMeGoogle.
posted by flabdablet at 7:55 PM on May 29, 2017
« Older I want to cruise to Alaska or the Mediterranean (E... | How do I get a job that I'm totally overqualified... Newer »
This thread is closed to new comments.
posted by kickingtheground at 3:54 PM on May 26, 2017 [1 favorite]