Closed Bug 302467 Opened 19 years ago Closed 2 years ago

Pre-fill the username just attempted after HTTP authentication fails

Categories

(Toolkit :: Password Manager, enhancement, P5)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 227632

People

(Reporter: KlausRusch, Unassigned)

Details

(Whiteboard: [passwords:http-auth]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716

Currently when the authentication with the stored userid and password fails
(that is, the server does not accept the presented credentials) Mozilla clears
both the userid and password fields.

Mozilla should only clear the password field and let the user choose another
password, but remember the userid, which is most likely unchanged.

Reproducible: Always
Assignee: dveditz → nobody
This has seen no action since 2005-07-28.

Please note, that currently some sites use cookies to save the username entered and you are redirected to an "incorrect login" page to try to login again.

Currently, password manager will store the username and password, even if incorrect.  However, if the site is coded to do redirect to another page, password manager will see this as another site.

I have tested multiple login sites.  Some save the username, some let password manager fill in the username and password, and some clear both fields.  It depends on the sites individual security policy implementation for incorrect logins.

Since this bug has received no action in almost two years, I am resolving it as WORKSFORME.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
I assume from your comment that you are referring to userids and passwords in input (text and hidden) fields, whereas I was referring to basic authentication, where the site has no control over how Mozilla stores userid and password information.

For basic authentication prompts, Mozilla does clear both userid and password when the credentials are no longer valid.
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
Component: Passwords & Permissions → Password Manager
Product: SeaMonkey → Toolkit
QA Contact: password.manager
I confirmed we still don't remember the username that was attempted but I also don't know if it's a good idea to fix this since users may think that it's implied that the username was correct when it may have actually been the only problem.
OS: Windows XP → All
Hardware: x86 → All
Summary: Feature request: Remember userid even when authentication fails → Pre-fill the username just attempted after HTTP authentication fails
Whiteboard: [passwords:http-auth]
Priority: -- → P5

Given the point made in comment #3 - we dont know if it was the username or password which was wrong - do we actually want to do this at all? My vote is wontfix, I don't see the value. A better fix/mitigation might be offering a menu of saved logins for this origin+realm (bug 227632)

Severity: normal → S3
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago2 years ago
Duplicate of bug: 227632
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.