Closed Bug 248465 Opened 20 years ago Closed 8 years ago

multiple authentication to the same site doesn't work

Categories

(Core :: Networking, enhancement)

enhancement
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: xerxas, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8

The browser doesn't support two different authentication to the same site.
Tested on windows and on linux , with mozilla browser 1.6 , firfox 0.8 and
firefox 0.9

Reproducible: Always
Steps to Reproduce:
1. login as user1 on a web site
2. open a new window or tab
3. login as user2 on the same site
4. Go back to the user1 window and Press refresh or any link

Actual Results:  
You will be logged as user2

Expected Results:  
Mozilla should allow multiple authentication to the same site

I think this is really a usefull feature:
I can do logout, but in some web applications you sometime need to be as admin
or as user both at the same time(e.g: Zope). Its boring to log in and out every
minutes when you're doing administration or web application developpement.

*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
(In reply to comment #1)
> 
> *** This bug has been marked as a duplicate of 117222 ***
This doeesn't seem to be a cookie issue:
I've setup a test:
http://xerxas.is-a-geek.net/bugzilla/test.php
log in as bob/bob
Then open a new tab on http://bill@xerxas.is-a-geek.net/bugzilla/test.php with
password bill
Then go back to the previous tab and do a refresh.

Here is the  content of my test.php:
# cat test.php
<?php
        echo $_SERVER['REMOTE_USER']
?>

I don't think this uses cookies, right ? 
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
you gave orkut as example. that one does use cookies. I don't know what Zope uses.

hmm, I can't find an existing bug on this.

personally, I like it that mozilla caches the auth data. what you want
effectively disables that caching.
Severity: normal → enhancement
(In reply to comment #3)
> you gave orkut as example. that one does use cookies. I don't know what Zope uses.

Zope doesn't cookies, but it's not really important , I said wrong things and I
shouldn't talk about orkut.

> personally, I like it that mozilla caches the auth data. what you want
> effectively disables that caching.
I also like that mozilla caches the auth data and I don't think that this
feature should disable it.
This feature should instead selectively cache the auth data whether you logged
in several times or not.
From a user point of view, I don't think the actual behaviour is the intended one.
When I let some friends use my computer to see their orkut account they notice
this as boring (This bug has nothing to do with orkut but the baheviour is
typically the same). I also noticed this as ennoying when working on zope.
so when I load the page in the same window again, the cached auth data should be
reused, but not when I laod a page in a different window?

what if I follow a link to an auth-protected page in the same realm in a new
window? surely that should send the auth data w/o asking?
(In reply to comment #5)
> so when I load the page in the same window again, the cached auth data should be
> reused, but not when I laod a page in a different window?
> 
> what if I follow a link to an auth-protected page in the same realm in a new
> window? surely that should send the auth data w/o asking?

I don't know that this problem needs fixed, it is by design.  But I thought I
point out how IE deals with this problem.  If you open a new instance of IE by
pressing the IE icon again, then it does not share the auth cache.   Actually it
is a completely seperate IE process so no in memory information is shared at
all. To my knowledge using multiple Mozilla processes at the same time with the
same profile is currently not advised (Correct me if I'm wrong).  But in a
user's mind relaunching the app (as apposed to clicking Cntrl-N, or using the
gui to create a new window) makes a clear distinction between the Moz instances.
    
> To my knowledge using multiple Mozilla processes at the same time with the
> same profile is currently not advised (Correct me if I'm wrong).

You are correct.
(In reply to comment #5)
> so when I load the page in the same window again, the cached auth data should be
> reused, but not when I laod a page in a different window?
No , it should be used or overwritten: If I login as another user, on the same
realm, cached auth data must be overwritten for this window, but not others.
> 
> what if I follow a link to an auth-protected page in the same realm in a new
> window? surely that should send the auth data w/o asking?
Yep , and it will do it, only If I want to login as another user I must login
again. Maybe windows should have an option that allows us to use the browser
cached auth data, or create a new instance of auth data for this windows only,
which herits from the global ones.

How we should handle this is not really clear, but I think that what the users
waits for is really clear: User want to transparently be able to login multiple
times to the same site, within windows or tabs, without being asked for his
password each time he opens a new tab on realms where he has already logged-in.
No matter if he opens a new window, tab, or whatever. IE also handles this
strangely and we don't need to stick to IE behaviour for this.
Do you agree ?  Do you think of another behaviour ? 
I use firefox for my daily work with zope and have the same problem, so I can
specify my requirements precisely. I would be deeply grateful for the following
features:
- the ability to store multiple login credentials per site
- a change of the login dialog so that it has a dropdown list for the different
login names. The last one used should be selected by default, so there is no
significant difference to the current UI behaviour for users that don't need
this feature.
- the cached auth data should be used within the same site (or whatever was the
mechanism up to now) when following links, regardless whether within the same
tab/window or a new one. Otherwise the user should be asked for login and
password, e.g. when opening a new tab/window and choosing the URL from the
bookmarks or entering it manually.
This is an automated message, with ID "auto-resolve01".

This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.

While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.

If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.

The latest beta releases can be obtained from:
Firefox:     http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey:   http://www.mozilla.org/projects/seamonkey/
This bug is still unconfirmed, we should change it to new or delete it.
Anyway, I would really appreciate to have this feature.
-> reassign to default owner
Assignee: darin.moz → nobody
QA Contact: benc → networking
this is a niche use case that private browsing is usually used to manage..
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.