Larry S. wrote:
David E. Ross wrote:
On 3/15/2016 10:54 AM, Larry S. wrote:
Once upon a time there was discussion here about Password Manager having
trouble when the log-in process asked for User ID, and then in a
separate screen asked for the password. I ignored it at the time since I
didn't have that problem; now I do.
Any advice? Anyone remember the answer (if there was one)?
Larry S.
See bug #368265 at <https://bugzilla.mozilla.org/show_bug.cgi?id=368265>.
The problem seems to have gone away, at least for cases where the user
has only one account at the Web site. If there is more than one
account, it becomes necessary for the same password to be used for all
the accounts. That is because Password Manager does not have access to
the user ID on the prior Web page and thus cannot tell which password is
appropriate.
Unfortunately, for me it hasn't gone away. I only have one account at
the Web site, but it still doesn't come up with the password for the
second popup. This is a new site for me, but I have other sites
(financial) where Password Manager works just fine. However, for those
the login and password are in the same popup.
I'm getting the impression that it's not, and not going to be, fixed.
I'm not a Firefox or SeaMonkey developer, so don't know exactly how the
password manager is implemented. However, I'm not sure that it could be
reliably fixed in the browser. HTTP is a stateless protocol - each time
you load a new page, a new request is sent to the server which is not
related to any previous request. Cookies allow data returned from the
server with one response to be sent back to the server with future
requests, but how they're actually used depends on the implementation of
the website.
All this means that, as David mentioned, the password manager has no way
to know that the password requested on the second page is in any way
related to the username requested on the first page. It may be obvious
to you that you're being asked for a username and password. It may be
possible to do something that tries to work it out, but it probably
wouldn't be completely reliable (and then people would probably complain
about the odd time it doesn't get it right). Even determining that a
given field is for a username, and not a search term or some other bit
of information, is not necessarily easy.
I'm beginning to suspect that some web developers are starting to use
two-page login forms deliberately to prevent their users from using
password managers on the assumption they won't be secure, rather than
leaving it up to their users to ensure they store their passwords
securely. In which case, even if something is done in the browser which
works most of the time, those web developers may make sure they hit the
conditions for it to not work for their site and the whole cycle would
start again...
You reference to bugzilla is rather old by now. Maybe o.k. for
Thunderbird, but not SM?
For mail and news protocols, the login is done in the same connection as
used to download the data, so doesn't have the same problems with
keeping state.
Mark.
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
