Chrome administra mal las contraseñas
Reported by
josefel...@gmail.com,
Mar 22 2017
|
||||||
Issue descriptionChrome Version : 56.0.2924.87 (64-bit) I put directly an example with which it does not administer them correctly: Let's say that we access a page where we have two users (http://domain.com/login_user.html). The users and passwords for that url would be: "User_1" with "key_1" and "User_2" with "key_2". Now, on the same page we have an admin access (http://undominio.com/login_admin.html), in this access we use as user "User_1" but as key we use "key_3". Well, in this case chrome saves two users each with their password, but since a user has two keys depending on the url, access to one of them is incorrect. This worked well a time ago, but now does not work. See if there is a solution. Thanks
,
Mar 27 2017
Sorry, there is an issue in the example. the admin url would be: http://domain.com/login_admin.html with the same domain of the first one.
,
May 9 2017
josefelixg@: If this is still an issue on the latest stable(58.0.3029.96), could you please provide any alternate URL to test this as getting 404 error with http://domain.com/login_admin.html.
,
May 9 2017
Hi. Thanks for your reply. In the last version still working bad: If I login to domain/login_admin.html, chrome saves user and password for the url domain/login_admin.html, but when I login to domain/login_user.html with the same user and other password, chrome asks for update the saved domain/login_admin.html password. I think that the issue is that chrome only test if there is any password for this user in the domain without looking for the complete url. Sorry but I can't publish an access for the administration login of any of my webpages. :( Thanks
,
May 9 2017
Thank you for providing more feedback. Adding requester "ajha@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 10 2017
Adding proper component for someone from the respective team to help in better triaging of this.
,
May 30 2017
josefelixg@ if possible could you please help us with the sample html test case for this issue for further triage. Thank You...
,
Oct 23 2017
No need to provide a test domain, the issue description is clear (thanks for the report). The issue here is that credentials are scoped to a web origin (see RFC 6454, section 5) and keyed by a username. So the fact that for http://domain.com there can only be one password saved for "User_1" is by design. I'm afraid that if this worked differently before, then it was by accident. Based on the above, I'm closing this issue. If possible, try to use separate usernames, or create a different origin for the admin account (different port would help). |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by ranjitkan@chromium.org
, Mar 27 2017