23464 - [RFE] Being able to see which sites I'm currently authenticated for.

Status: VERIFIED WONTFIX

(SeaMonkey :: Passwords & Permissions, enhancement, P3)

Description

[Henrik Gemal]

Like being able to see the current cookies, it would be super-cool if it was
possible to see what sites that I currently had authentication for.
That if I logged into three authenticated sites, it would be possible to see
which sites (name, description, url, etc) and to kill the authentication for a
site. Then the next time I accessed the authenticated site that I just killed I
would have to enter username and password again.
An advanced edition of http://bugzilla.mozilla.org/show_bug.cgi?id=23434

Comment 1

[Stephen P. Morse]

Sounds like a nice feature but it has some practical problems.  Although we
could tell you which sites you asked to be authenticated for, we can't tell you
which sites you still have authentication.  That's because it's up to the site
to determine that.  Some sites might have a timeout and the client would have no
way of knowing if or when we've been timed out.

Second technical problem is how to actually kill the authentication.  Is there
an http request that you send to sites to say de-authenticate?  How is it that
you get de-authenticated when you close the browser?  I suppose there is a way
to do it -- I'm just not that familiar with http to know what it is.

If you could solve these problem, the best place to put this would be in the
signon-viewer which currently shows which authentications are being saved for
you so.  We could add another field on that viewer to show which of the
remembered authentications are currently active.  Or it could be displayed as a
separate tab in that viewer (there already are several tabs there).

It need not be just http authentication.  We could also display the sites for
which you have ftp authentication.  Also the sites for which you have simply
submitted a log-in form during the current session.

Because of the the technical problems noted above, I'm going to mark this as
won't-fix.  If someone has a solution to the problems and has the time to
implement this, I think it would be a great feature.

Comment 2

[Stephen P. Morse]

Sounds like a nice feature but it has some practical problems.  Although we
could tell you which sites you asked to be authenticated for, we can't tell you
which sites you still have authentication.  That's because it's up to the site
to determine that.  Some sites might have a timeout and the client would have no
way of knowing if or when we've been timed out.

Second technical problem is how to actually kill the authentication.  Is there
an http request that you send to sites to say de-authenticate?  How is it that
you get de-authenticated when you close the browser?  I suppose there is a way
to do it -- I'm just not that familiar with http to know what it is.

If you could solve these problem, the best place to put this would be in the
signon-viewer which currently shows which authentications are being saved for
you so.  We could add another field on that viewer to show which of the
remembered authentications are currently active.  Or it could be displayed as a
separate tab in that viewer (there already are several tabs there).

It need not be just http authentication.  We could also display the sites for
which you have ftp authentication.  Also the sites for which you have simply
submitted a log-in form during the current session.

Because of the the technical problems noted above, I'm going to mark this as
won't-fix.  If someone has a solution to the problems and has the time to
implement this, I think it would be a great feature.

Comment 3

[Eli Goldberg]

Bulk move to Single Signon component, which has subsumed Password Cache.

Comment 4

[shrirang khanzode]

sorry for the spam, changing QA contact.

Comment 5

[sairuh (rarely reading bugmail)]

verif.

Comment 6

[Brant Gurganus]

[RFE] is deprecated in favor of severity: enhancement.  They have the same meaning.