cros: Clear secret when it is no longer needed.

chrome/browser/chromeos/login/session/user_session_manager.cc

Index: chrome/browser/chromeos/login/session/user_session_manager.cc
diff --git a/chrome/browser/chromeos/login/session/user_session_manager.cc b/chrome/browser/chromeos/login/session/user_session_manager.cc
index a760b37e23eb63283863f10eb69bea1a6e98576a..bd6bfa911d1ae6f8d6ed823ad18abc310e139370 100644
--- a/chrome/browser/chromeos/login/session/user_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/user_session_manager.cc
@@ -796,6 +796,7 @@ void UserSessionManager::FinalizePrepareProfile(Profile* profile) {
     delegate_->OnProfilePrepared(profile);
 
   UpdateEasyUnlockKeys(profile);
+  user_context_.ClearSecrets();
 }
 
 void UserSessionManager::InitSessionRestoreStrategy() {
@@ -1003,6 +1004,13 @@ void UserSessionManager::UpdateEasyUnlockKeys(Profile* user_profile) {
   if (user_context_.GetUserType() != user_manager::USER_TYPE_REGULAR)
     return;
 
+  // Bail if |user_context_| does not have secret.
+  if (user_context_.GetKey()->GetSecret().empty()) {
+    // Nagging if this is not crash restore case.
+    DCHECK(user_sessions_restored_);
+    return;
+  }
+
   // |user_context_| and |user_profile| must belong to the same user.
   DCHECK_EQ(SigninManagerFactory::GetForProfile(user_profile)
                 ->GetAuthenticatedAccountId(),