Closed Bug 442524 Opened 16 years ago Closed 5 years ago

can't save logins when sent ajaxy ways instead of a normal form submission


(Toolkit :: Password Manager, enhancement, P3)






(Reporter: Dolske, Unassigned)



Some sites have purely ajax-driven logins. Eg, clicking the "login" button/link doesn't result in a form submission, but rather the page makes an XHR request in the background.

We currently only save logins by listening for form submissions, so we never prompt the user to save the login, thus we never have a stored login to fill in on the page next time the site is visited.

There isn't going to be a way to detect this situation automatically, but it would be nice if there was a context menu item (from username/password field) to "Save this login".
Product: Firefox → Toolkit
Random thought: we could have something observe changes to password fields, and as soon as a value is entered (w/ a slight delay to allow user to finish typing), offer to save the login. Not sure if we can detect if the submission will be AJAY (maybe look for a blank action) -- if we can figure that out we'd want to not show the notification until the normal time after form submission, so it's not as annoying. There are a few other little details to worry about, but that's the basic idea.

I'm working on an admin interface what works like:
a "container" page loads -> (what have a menu and ajax windows opens over it)
the login form loads trough xhr ->
the login form submits trough xhr ->
location.reload() -> (change the menu to reflect the logged in state)

so after login, firefox asks me if I want to save the password? (what was submitted trough xhr and if the response is good location.reload happened)
but nex time the login form loads, firefox wont fills the form...

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20100129 Ubuntu/9.10 (karmic) Namoroka/3.6.2pre ID:20100129052916
Can't you perhaps trigger it based on the initial form 'onsubmit', even when in the JavaScript onsubmit event handler the event is canceled? After all, (I assume) you still check for a username and password field after that.

Does that make a huge difference?
The problem -- indeed, _the_ problem -- is that these kinds of logins are not sent via form submission, so there's no onsubmit event at all. EG:

  <input type="password">
  <a href="#" onclick="doSomeAjaxStuff()">Login</a>
Well, yes it is pretty hard to do it in such a situation. But I was just thinking that it might be at least a step forward to do it in the following case:

<form id="form1" onsubmit="doAjaxStuff()">
<input type="password">
<a href="#" onclick="document.getElementById('form1').submit();">Login</a>

In any case, I don't think triggering it based on input of a password field is very handy. Perhaps it would be better (if possible) to base it on when the value of a password field is being read.
That case should already work; it's in a <form> and triggers a normal form submission. If it's not, it's an entirely different issue than this bug.
Ok, not sure if this is the same as the other bugs, but Bugzilla says to find a similar bug so here I am : )

I'm having problems with & it only started happening once they changed their interface.

It won't remember the user name or the p/w. Before it wouldn't remember the user name, but once I pressed the first letter it would find it & then input the p/w too.

They looked at it & said... "Its seems like its a Firefox issue in how it handles redirects with security certificates. The work around is to bookmark and have Firefox save your credentials on that site. You can login from this site going forward."

I don't want to have to use a bookmark to remember that obscure URL just to log in.

I asked if they use Ajax & he said in some places, but they also use JS & PHP.


Depends on: 1166995, 1166998, 1166947
Depends on: 1287202
Seems like the only the way to have firefox save password today is by actually submitting the login form data to a form handler, either by clicking submit button or call form.submit() programmatically. Would it be possible to support the following case?

  <input type="password">
  <a href="#" onclick="sendForm()">Login</a>

function sendForm(form) {
  var formData = new FormData(form);
  var xhr = new XMLHttpRequest();'POST', form.action, true);
  xhr.onload = function(e) { ... };

  return false; // Prevent page from submitting.

Basically send form data in xhr and avoid page reload.
Blocks: 1444573
Blocks: 1427204
Blocks: 1455343
I'm not sure this is useful since bug 1119035 is the meta bug for this issue.
Priority: -- → P3
Blocks: 1478508
No longer blocks: 1478508
No longer blocks: formless-logins, 1427204, 1444573, 1455343
Closed: 5 years ago
No longer depends on: 1166995, 1166998, 1287202, 1166947
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.