Closed Bug 514889 Opened 15 years ago Closed 15 years ago

cache problem with django admin interface

Categories

(Toolkit :: Password Manager, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 499223

People

(Reporter: maigfrga, Unassigned)

References

()

Details

(Keywords: access, Whiteboard: [DUPEME])

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 Build Identifier: The problem is in the django web framework admin interface. when i store my password on icewasel 3.0.6 or 3.5.2 firefox private data, and i want to create a new user, the new user form is preloaded with the current user's username and password regards I run a lenny debian . I reported this bug to django, bet they say that is a firefox bug http://groups.google.com/group/django-updates/browse_thread/thread/7b180de96e21276d Reproducible: Always Steps to Reproduce: 1. save password for the admin interface when the browse ask for it 2. create new user 3. Actual Results: The new user form is prepulated whit the current username and password Expected Results: blanks fiels for new user creaticon thread for djando community http://groups.google.com/group/django-updates/browse_thread/thread/7b180de96e21276d
Keywords: access
Component: Networking: Cookies → Password Manager
Product: Core → Toolkit
QA Contact: networking.cookies → password.manager
The login form has action="/admin/" while the new user has action="" Normally we only match forms that have the same action URI. When the action is empty, we do a wild card search. All the Django admin forms have action="" and that is causing the problem. They could fix that & this problem would go away. Otherwise this is a hard problem to tackle. The heuristics for determining a "new user" page would not be worth the minimal tradeoffs.
Whiteboard: [DUPEME]
I don't think the action URI is involved -- we never store the path from the URL, just the base hostname part (eg "http://host.com"). But you're right about it looking like a user's login page to the password manager -- it can't really tell the difference. Best workaround is to add "autocomplete=off" to these fields (or the form itself) in the admin page. Not only will this prevent login manager from filling the fields, it will suppress having it ask if you want it to remember the login.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.