Closed Bug 381169 Opened 17 years ago Closed 9 years ago

support multiple formSubmitURLs for a login

Categories

(Toolkit :: Password Manager, enhancement)

x86
Linux
enhancement
Not set
normal

RESOLVED DUPLICATE of bug 1147563

People

(Reporter: mike.cohler, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4pre) Gecko/20070512 BonEcho/2.0.0.4pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4pre) Gecko/20070512 BonEcho/2.0.0.4pre

The webmail site which I quote above is the front-end mail server, which asks the user to fill in the username and password, and this can be saved in Firefox.

Once the passwords are filled the front-end server passes the form to one of two back-end servers selected at random for load sharing.

If the user logs out then the next time the user logs in the password only autofills if the same back-end server as previously is selected. If the system passes the form to the alternative back-end server then the password does not autofill.

The fix is presumably for the Firefox Team to modify the source code to support multiple stored information blocks per server hosting a form's page: one block for each back-end server the forms can be submitted to.

I tried to edit signons2.txt to have two blocks - one for each back-end server for the same front-end address but this fails to work. Given that Firefox's behaviour is apparently to only maintain one block per form-page hosting server (in signons2.txt) it isn't too surprising it gets confused if multiple blocks are present.

I would not anticipate Firefox recording any credentials for the subsequent back-end server that is connected to AFTER completing the login form (possibly using auto-completion). Why does Firefox record the back-end server info, when it is only the front-end server where the form is offered?

I would not expect Firefox to record any information about which back-end server the form is passed on to.

Clearly the problem occurs whenever the connection goes to the server that the form was not passed to on the previous occasion.
 

Reproducible: Sometimes

Steps to Reproduce:
1. Connect and see either the password autofill or not depending on which back-end the form was passed to last time.
2. Clearly unless you have a username on this webmail server you cannot test for this problem, but this must occur on other sites also where a login form is passed to a different back-end server.
3.
Actual Results:  
Autofill occurs or does not occur depending on which back-end server is selected by the front-end server.

Expected Results:  
The front-end server should get the password autofilled every time.

This is due to the fix for bug 360493. Firefox won't fill in a form login when the form is being submitted to an unexpected location.

I'm going to morph this bug a bit... Normally this kind of problem is a WONTFIX (we're deliberately doing this because of the issues in 360493), but we should be better at saving logins that might get submitted to multiple locations. There's probably no way to avoid making the user authenticate twice [eg, once for a form submitted to webmail1, once for a form submitted to webmail2], but once that happens password manager should know how to retain that info in a sensible way.

I'd have to test to be sure, but I don't think the code in FF2 is able to deal with this case at all. The trunk code probably can, but only if each submission is saved as a separate login (which isn't exactly ideal, and sucks if the user wants to change their password). This also has some impact on checking for duplicate logins, and supporting this in an OS X Keychain module is probably hard.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: password autofill fails on web form where the form is posted to one of multiple back-end servers → support multiple formSubmitURLs for a login
Severity: normal → enhancement
Product: Firefox → Toolkit

I think it's more likely we'll drop formSubmitURL than implement storing of multiple values. I'm going to dupe this to bug 1147563 though since it will provide a workaround.

Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE

I am attempting to verify bug 1147563 and test this edge case as well. Can you provide me with some examples of websites where the login form is passed to a different back-end server?
Or can you provide me with some form of test case?

Thank you!

Flags: needinfo?(mike.cohler)
Flags: needinfo?(MattN+bmo)

I don't know any off-hand that use the same form origin.

Flags: needinfo?(mike.cohler)
Flags: needinfo?(MattN+bmo)
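
The fill restriction and the multiple-submit-location idea discussed in this thread, as an added example that is not Firefox code and not part of any comment above. It is a simplified model in which one saved login carries a set of submit origins; the `submitOrigins` field, the function names and the `.example` hostnames are assumptions made for illustration.

```javascript
// Simplified model for illustration, not Firefox source. Hostnames are constructed.
const originOf = (url, base) => new URL(url, base).origin;

// Fill only if the page origin matches the saved login AND the form's action
// resolves to an origin the user has already authenticated against.
function shouldFill(login, pageUrl, formAction) {
  if (originOf(pageUrl) !== login.hostname) return false;
  return login.submitOrigins.has(originOf(formAction, pageUrl));
}

// Called only after the user typed the credentials and submitted the form.
// A new submit origin is added to the existing record, so a later password
// change touches one login instead of one login per back-end.
function recordSubmission(logins, pageUrl, formAction, username, password) {
  const hostname = originOf(pageUrl);
  const submitOrigin = originOf(formAction, pageUrl);
  let login = logins.find(l => l.hostname === hostname && l.username === username);
  if (login) {
    login.submitOrigins.add(submitOrigin);
    login.password = password;
  } else {
    login = { hostname, username, password, submitOrigins: new Set([submitOrigin]) };
    logins.push(login);
  }
  return login;
}

function demo() {
  const page = "https://webmail.example/login";
  const logins = [];
  // First login happens to be routed to back-end 1.
  const login = recordSubmission(logins, page, "https://webmail1.example/auth", "mike", "pw1");
  const results = {
    sameBackend: shouldFill(login, page, "https://webmail1.example/auth"),
    otherBackendBefore: shouldFill(login, page, "https://webmail2.example/auth"),
  };
  // The user authenticates by hand once against back-end 2.
  recordSubmission(logins, page, "https://webmail2.example/auth", "mike", "pw1");
  results.otherBackendAfter = shouldFill(login, page, "https://webmail2.example/auth");
  // An action pointing anywhere else is still refused.
  results.unexpected = shouldFill(login, page, "https://unknown.example/auth");
  results.records = logins.length;
  return results;
}
```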