New issue
Advanced search Search tips

Issue 811205 link

Starred by 1 user
Status: Available
Owner: ----
Cc:
vasi...@chromium.org
ios-bugs@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , iOS , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

password saving/filling on different forms in different paths should be separate!

Reported by darko.an...@gmail.com, Feb 12 2018 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36

Steps to reproduce the problem:
1. Install CMS/Login Form "A" into mywebsite.com
2. Install CMS/Login Form "B" into mywebsite.com/subfolder/
3. Use same username but DIFFERENT passwords for above A/B login forms

What is the expected behavior?
Store those accounts as separate (because they are!)

What went wrong?
Chrome in recent versions will *think* those are same accounts, and every time you sign up with one or another, it will offer you to "update" (read: overwrite) your password from the other subfolder/domain account!

Did this work before? N/A 

Chrome version: 63.0.3239.132  Channel: n/a
OS Version: 10.0
Flash Version: 

This was working perfectly fine in older Chrome generations (up to 50.x something I think), but I just switched to brand new PC and noticed this absolutely annoying behavior.

This is the issue I have for years on Android Chrome browser app, but thankfully didn't care too much, as I rarely accessed those forms on mobile. But now, I see that desktop Chrome became affected as well. Please, keep those forms in different subfolder login forms/paths SEPARATE. Because, why Chrome assumes this is my same login credentials forms? Why it cannot *learn* that if my password is different, than accounts are (obviously) DIFFERENT.

Thank you

Comment 1 by krajshree@chromium.org, Feb 12 2018

Labels: Needs-Triage-M63

Comment 2 by viswa.karala@chromium.org, Feb 16 2018

Cc: vasi...@chromium.org
Labels: Needs-Feedback
@Reporter:
Thanks for filing the issue.

@vasilii:
With reference to Issue: 806530, could you please confirm if the Issue: 811205 is similiar to Issue: 806530

Thanks!

Comment 3 by vasi...@chromium.org, Feb 16 2018

Components: -UI UI>Browser>Passwords
Labels: -Needs-Feedback OS-Android OS-Chrome OS-iOS OS-Linux OS-Mac
Status: Available (was: Unconfirmed)
It's indeed similar. The difference is that here the origin is the same. Therefore, there is even stronger signal that both accounts are the same. It's common for the sites to have more than one sign-in form. Thus,  I think that the default behaviour should be as it's today (i.e. update the credential for mywebsite.com). On the other hand, I understand that there are exceptions and we should allow users to handle it in the UI.
We'll brainstorm this problem in the team with UX people.

Comment 4 by darko.an...@gmail.com, Feb 16 2018 

Thanks to all for recognizing this issue. Yes, domains are the same, but they can be 2 completely different apps altogether (and they actually/usually are). But, Chrome does not understand it and thinks it's the same account with updated password for some reason.

Also, I tried to import my 'Login Data' (passwords) from an older Chrome into the new one (along the journal), but it didn't work, probably because things changed considerably in the meantime. I thought it will let me keep those saved credentials separate if I try it.

Regards

Comment 5 by vasi...@chromium.org, Feb 19 2018 

I think import should work. Are you sure you had different URLs in the file?

Comment 6 by darko.an...@gmail.com, Feb 19 2018 

If you refer to 'Login Data', when I overwrote the files from an old Chrome (v47) into the new Chrome (v63) all saved passwords were lost. URLs are always the same (bookmarks) :)

Comment 7 by vasi...@chromium.org, Feb 19 2018 

I meant normal import. You can enable #password-import in chrome://flags/. Then in chrome://settings/passwords you can import the passwords from a text file. For the format you can check the exported file (guarded by #password-export flag).

Comment 8 by darko.an...@gmail.com, Feb 19 2018 

Thanks, didn't know that. But, we cannot export them this way from an older version/different computer? (I don't wish/like to use cloud). So, what format they should be in txt file?

Comment 9 by vasi...@chromium.org, Feb 19 2018 

That feature was in the old versions too (on desktop only). The flag was different though. You can try searching chrome://flags/ for "password". Regarding the format. This is a valid import file

name,url,username,password
some_name_doesnt_matter,https://rsolomakhin.github.io/autofill/,userA,12345
some_name_doesnt_matter,https://rsolomakhin.github.io/autofill/,userB,password123

I just verified that it works.

Comment 10 by darko.an...@gmail.com, Feb 19 2018 

Thanks, it's good to know :)
Well, I have already manually signed/saved most used ones already, but will do this when I find time later (read: probably never :))

Comment 11 by vasi...@chromium.org, Feb 19 2018 

That way you could import two different passwords and check if it works for you temporary.

Comment 12 by darko.an...@gmail.com, Feb 25 2018 

Thank you, I will definitely try it then!

Comment 13 by darko.an...@gmail.com, Feb 25 2018 

Just discovered this also affects /localhost/*/, as I have a lot of stuff under different folders, if username collision happens, Chrome will offer update instead. I know it's the same, just thought it was worth mentioning.

Sign in to add a comment