Browser password manager on password-reset page not saving correct site location


(Allen - Watchman Monitoring) #1

The issue I’m seeing may need to be moved to a new topic.

Repro:

  1. Get invited to a discourse.
  2. Accept by clicking a link.
  3. receive email saying “set your password”
  4. click the link and set a password.
  5. browsers will offer to save the password, but the email isn’t anywhere, making the resulting saved credential an orphan, unable to get used.

Login support for browser password managers
(Jeff Atwood) #2

Yes that is a completely different issue. I am not sure the invite flow can be captured by any known password manager. I wonder if putting the email on the page as a form field, but read-only, would work? @techapj can you put on your list a quick hack to test this theory?


(Arpit Jalan) #3

Okay, I am able to repro this.

The issue is that password manager is saving site location as http://forum.example.com/users/password-reset, so the credential is not getting used on http://forum.example.com. We somehow need to tell password manager to save site location as http://forum.example.com. This may be tricky.

Added on my list.


(Allen - Watchman Monitoring) #4

My password managers don’t care much about the full URL, only the domain.tld

What happens a lot is that the password is saved without an email, preventing it from being used (or preventing Keychain on a mac from saving anything at all)


(Arpit Jalan) #5

We are providing username (instead of email) in the form. I just checked and Chrome default password manager is saving the username password combination.


(Jeff Atwood) #6