If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

password forget in wrong case

RESOLVED INVALID

Status

SeaMonkey
Passwords & Permissions
RESOLVED INVALID
15 years ago
13 years ago

People

(Reporter: Matus UHLAR - fantomas, Assigned: dveditz)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030122
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3b) Gecko/20030122

I have access to https://logs.nextra.sk/ with username and password. if I try to
enter directory /www.nextra.sk/ in that host, my login will be rejected (i am
not allowed to access that directory) my password is rejected and mozilla
fimediately forgets it. However i do have access to another directories with
this username and password. 

Reproducible: Always

Steps to Reproduce:
1. set up passworded directory in HTTP area which requires username and password
2. log in to that directory, tell mozilla to save the username/password.
3. set up subdirectory in directory above which rejects the username and password
4. go to that subdirectory in mozilla
Actual Results:  
the password remembered and stored in step 2. will be forgot in step 4. although
it still allows access to first directory.

Expected Results:  
mozilla should ask if user wants to forget the password, and probably ask for
another one and try to use that.
Mozilla should just forget a password if it's incorrect... But that should only
be the case for the one authentication domain.  Does that site put directories
with _different_ permissions in the _same_ authentication domain?  If so, that
seems like a major bug in the site to me...
(Reporter)

Comment 2

15 years ago
That might be the problem, I will check it.

Comment 3

15 years ago
*** Bug 195163 has been marked as a duplicate of this bug. ***
(Reporter)

Comment 4

14 years ago
It appears that different authentification domain was used. adding new
authentification domain to /www.nextra.sk/ helped.

However, now,  with mozilla-1.5, the behaviour changed:

I use the same username/password for accessing https://logs.nextra.sk/ and
subdirectories of it (different authentification domains), e.g. mentiones
/www.nextra.sk/. The password(s) used are the same, however after entering
password for /www.nextra.sk/, mozilla is unable to remember the password for /
(even if it's the same - mozilla probably doesn't check it at all), and  even if
I enter (the same) username and password for /, and check 'remember password'
button, mozilla does not remember it and keeps repeatedly asking for it.

What I want to do: 

create web https://logs.nextra.sk/ and have subdirectories in the it.
Users will be defined, each should have one login/password, but access to
different subdirectories. If you find such configuracion invalid, just tell me,
however i don't think so and think that mozilla could remember username+password
for directory and try the same for subdirectories of it.
(Reporter)

Comment 5

14 years ago
OOOPS! my mistake.

When entered the same username and password, it worked.
Now there is just one question - if we have one username and password for a
webserver in one authentication domain, whether to try the same for other
authentication domains. Since authentication domains are not hierarchical (we
can't tell which belongs to / and which to /www.nextra.sk/), the answer is
probably NO and this problem is resolved.
Product: Browser → Seamonkey

Comment 6

13 years ago
it looks like everything here is ok now (the password manager was designed to
work at the host level rather than domain)

resolving INVALID -- not a Mozilla bug
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → INVALID
(Reporter)

Comment 7

13 years ago
I agree.
The problem was in incorrect configuration, the same auth domain with different
access rights. The issue is in HTTP, not in mozilla, and even if many people may
have problem with it, mozilla can't do anything with it.
You need to log in before you can comment on or make changes to this bug.