Closed Bug 378378 Opened 17 years ago Closed 14 years ago

password manager stores unnecessary info and creates multiple login records

Categories

(SeaMonkey :: Passwords & Permissions, defect)

Product:
SeaMonkey
Component:
Passwords & Permissions
Version:
SeaMonkey 1.1 Branch
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: lmironov, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070222 SeaMonkey/1.1.1

For web pages where a single form is used both for authentication and data entry password manager stores all available form fields which causes the following problems:

1. Every change of each field causes password manager to create a new record for the site. URL mentioned in this bug report posts messages to a web board (note: it is in Russian). Post 10 messages with 10 different subjects and you'll get 10 password manager records for the same site with identical login and password. Every time you visit this page Mozilla will prompt you to select one of 10 password manager records.

2. Password manager saves and restores form data unrelated to passwords, in this example - message subjects and urls - a 'dynamic' data which changes with every message. Restoring it in new messages is at best useless and at worst can be embarrassing or even harmful. Restoring form data other than passwords is the function of the form manager, not of the password manager (BTW turning form manager on or off does not affect the occurrence of this bug)

Mozilla 1.1 for OS/2 is also affected.

Below is a section of my password file - all form data is stored there, not just login and password.

http://garusev.df.ru
login
xxx
*pass
xxx
email
xxx
subj
xxx
url
xxx
urltitle
xxx
img
xxx
.

Reproducible: Always

Steps to Reproduce:
prerequisites: password manager should be on (privacy and security-password-remember passwords), no records for http://garusev.df.ru should be present in the password manager file

1. go to http://garusev.df.ru/cgi-bin/wtboard.cgi?fid=0&root=on
2. post a message with subject1, confirm storing password
3. go to http://garusev.df.ru/cgi-bin/wtboard.cgi?fid=0&root=on
4. post a message with subject2
5. go to http://garusev.df.ru/cgi-bin/wtboard.cgi?fid=0&root=on again
Actual Results:  
a dialog box prompting to select on of the two logins pops up, selecting 1st or 2nd restores not just login and password bu also message subject to subject1 or subject2 respectively. Checking password manager reveals that two records for the same site have been created

Expected Results:  
no dialog box, login and password are restored, message subject and all other fields except login and password are not restored, only one password manager record is created
Suite-only, Firefox's password manager handles this correctly.
Assignee: dveditz → nobody
Can you reproduce with SeaMonkey v1.1.9 ?
Version: unspecified → SeaMonkey 1.1 Branch
Oh YES, and it is quite annoying. There are more sites which have extra form fields on login screen e.g. http://thebox.bz - login, password and captcha, 
Based on comment 1 this bug is invalidated by the move to the new toolkit forms-history manager (also used by Firefox) in SeaMonkey 2.0
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.