Open Bug 631272 Opened 13 years ago Updated 2 years ago

Credentials saved twice for same origin with differing formActionOrigin

Categories

(Toolkit :: Password Manager, enhancement, P3)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement

Tracking

()

Tracking Flags:
Tracking Status
firefox72 --- affected
firefox73 --- affected
firefox74 --- affected

People

(Reporter: luckysharma11, Unassigned)

References

Details

(Whiteboard: [passwords:cross-origin])

Attachments

(1 file)

Duplicate Entry
18.87 KB, image/png
Details 
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13

I had password saved for 'www.facebook.com' but Firefox did not got the same from its saved passwords DB, and asked for the password when i visited the site. Entering the credentials and logging in asked for saving the same with password manager and selecting 'Remember' saved a duplicate entry to DB, which was visible in manager.
Attached is the screen-shot.

Reproducible: Sometimes

Steps to Reproduce:
1. There were 2 entries under the 'Email' field for Facebook, while password manager had only one.
2. Selecting the one that was there with the manager did not populated the password.
3. Deleted the browser cache/history, by selecting everything.
4. Restarted browser and checked www.facebook.com, the password manager asked for master password. The login form did not populated, even after master password submission.
5. Typed in the credentials, and the same were asked to be saved by password manager.
Actual Results:  
There was duplicate entry in password manager, for a FQDN and UserId combination.

Expected Results:  
The password manager should have only one entry for FQDN and UserId combination.
Attached image Duplicate Entry 
Component: Security → Password Manager
Product: Firefox → Toolkit
QA Contact: firefox → password.manager
Version: unspecified → 1.9.2 Branch

    
    

    
  
Was the saved password the same? Was the scheme (http vs. https) the same when you were getting prompted to save again?
Flags: needinfo?(luckysharma11)
Summary: [Password Manager] Credentials saved twice for same FQDN → Credentials saved twice for same FQDN

    
    

    
  
I see from the screenshot that the origin was the same but I suspect the formSubmitURL was different (e.g. different scheme)

    
  
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
See Also:  → 213376
Summary: Credentials saved twice for same FQDN → Credentials saved twice for same FQDN with differing formSubmitURL
Whiteboard: [passwords:cross-origin]

    
  
Type: defect → enhancement
Flags: needinfo?(luckysharma11)
OS: Linux → All
Hardware: x86_64 → All
Version: 1.9.2 Branch → Trunk

    
  
Blocks: 1576148

    
  
Priority: P5 → P3

    
    

    
  
Updating affected flags for this, reproduced on facebook.com and aliexpress.com as well.



          status-firefox72:
          --- → affected

          status-firefox73:
          --- → affected

          status-firefox74:
          --- → affected

    
    

    
  
Based on a meeting at All Hands, we plan to fix this soon for new saves/updates.


Priority: P3 → P2
Summary: Credentials saved twice for same FQDN with differing formSubmitURL → Credentials saved twice for same origin with differing formActionOrigin
Priority: P2 → P3

    
  
Severity: normal → S3

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: