Closed Bug 402040 Opened 14 years ago Closed 14 years ago

password manager doesnt use full path for https passwords, so multiple logins to different sub-folders overwrite each other

Categories

(Toolkit :: Password Manager, defect)

x86
Windows XP
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 227632

People

(Reporter: jdown, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8

The company I work for has our own HTTPS secure server, and we have multiple logins to different aspects of this system. Each login is under a sub-folder (ht access). The password manager seems to only save one password for the domain, not for each sub-folder. If I only use one, it will remember the password and correctly login every time. But when I switch to another, it auto-fills the password for the last one I used, instead of the correct one for that sub-folder.

Reproducible: Always

Steps to Reproduce:
1. Login to any HTTPS folder that uses ht access for password.
2. Login to another HTTPS folder that uses ht access on the same server.
3. The first password is auto-filled, not the correct one for the full path of the folder I'm trying to log into.
Actual Results:  
Password manager auto-fills the last login info used, not the correct one for the sub-folder I'm logging into.

Expected Results:  
It should remember the full path to the folder, and use that password (eg. multiple logins for the same HTTPS server, if it stored the full path to the folder it would know they are different logins).

I can reproduce this bug every time by using the steps above, no crash occurs and is not an issue with themes or addons (tried in safe mode).
All of password manager's stored logins only have a per-site granularity (not per-directory). It sounds like the real problem here is that the authentication prompt won't let you select from multiple logins. --> DUPE of 227632

Your case is a little unusual, though, in that is sounds like you have multiple authentication areas on the same server. The usual way of handling that is by using different HTTP realms for each authenticated area... Password manager will key off that, and won't offer logins for Realm A if the site is specifying Realm B. This can generally be done with the "AuthName" property in .htaccess.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 227632
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.