microsoft · dgozman · May 13, 2020 · May 12, 2020
diff --git a/docs/api.md b/docs/api.md
@@ -574,7 +574,7 @@ await browserContext.setGeolocation({latitude: 59.95, longitude: 30.31667});
 
 Provide credentials for [HTTP authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication).
 
-To disable authentication, pass `null`.
+> **NOTE** Browsers may cache credentials that resulted in successfull auth. That means passing different credentials after successfull authentication or passing `null` to disable authentication is unreliable. Instead, create a separate browser context that will not have previous credentials cached.
 
 #### browserContext.setOffline(offline)
 - `offline` <[boolean]> Whether to emulate network being offline for the browser context.

diff --git a/test/browsercontext.spec.js b/test/browsercontext.spec.js
@@ -482,6 +482,32 @@ describe('BrowserContext.setHTTPCredentials', function() {
     expect(response.status()).toBe(401);
     await context.close();
   });
+  it.fail(true)('should update', async({browser, server}) => {
+    server.setAuth('/empty.html', 'user', 'pass');
+    const context = await browser.newContext({
+      httpCredentials: { username: 'user', password: 'pass' }
+    });
+    const page = await context.newPage();
+    let response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(200);
+    await context.setHTTPCredentials({ username: 'user', password: 'letmein' });
+    response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(401);
+    await context.close();
+  });
+  it.fail(true)('should update to null', async({browser, server}) => {
+    server.setAuth('/empty.html', 'user', 'pass');
+    const context = await browser.newContext({
+      httpCredentials: { username: 'user', password: 'pass' }
+    });
+    const page = await context.newPage();
+    let response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(200);
+    await context.setHTTPCredentials(null);
+    response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(401);
+    await context.close();
+  });
   it('should return resource body', async({browser, server}) => {
     server.setAuth('/playground.html', 'user', 'pass');
     const context = await browser.newContext({