User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2b) Gecko/20021013 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:1.2b) Gecko/20021013 The Password Manager dialog window does not open to accept the login and password on a secure page (https) and the information is not saved. Reproducible: Always Steps to Reproduce: 1.go to https://www.cibc.com 2.enter username and password 3.click enter or press return Actual Results: Password Manager dialog window did not open and the site was logged in. Went to another site (http://) and Password Manager worked correctly. Expected Results: Open dialog window for Password Mangager to save login and password

browser!=bugzilla

This has absolutely nothing to do with Bugzilla -> Browser (except timeless beat me to it) And I doubt if this has anything to do with HTTPS, also, I use Password Manager on HTTPS sites all the time (Mac OS X CFM 2002101009). I do have this problem with Citibank's online banking though. I think it's their website at fault. They construct the page in such a way that Mozilla can't tell it's a login page.

Here's the relevant chunk of source off of CIBC's site: <td width="250" height="28"><font class="text"> <form name="temp" value="" onSubmit="document.SignOn.password.focus(); return false;"> <input type="text" name="cardNumber" value="" size="13" maxlength="25" class="form"> <br><nobr>CIBC bank or CIBC VISA card number </form> <form name="SignOn" value="" action="https://www.cibc.com/solution/service/pers/pcb/scripts/SignOn.jsp" method="post" onSubmit="return(validateForm())"> <input type="hidden" name="onError" value="SignOn|Return to Sign On"> <input type="hidden" name="recvref" value=""> <input type="hidden" name="cardNumber" > <input type="hidden" name="locale" value="en_CA" > <input TYPE="hidden" NAME="BV_UseBVCookie" VALUE="Yes"> <input type="hidden" name="imp" value="0" > <input type="password" name="password" value="" size="8" maxlength="12" class="form"> <br> 6-12 character Online Banking password </form> <a href="javascript:if(validateForm()) document.SignOn.submit();"> <img tabindex="3" alt="Sign On" src="/english/images/sign_on.gif" width="65" height="16" border="0"></a> </font></td> You'll note that the card number and the password are in two separate forms, and neither one is the one you're actually submitting.... the "SignOn" form has hidden fields for both that get set by the javascript before it submits.

and seeing as how this is an online banking site, I'm betting they conscientiously did that on purpose to prevent password manager apps from being able to see it. It's a security risk to let passwords with access to money be saved. :-) (because then anyone with access to your computer could log into the site without a password, effectively).

Dave's analysis is correct about why password manager is not saving the login in this case. But I doubt that they did it on purpose. They could have acoomplished this much easier by using "autocomplete=off". In any event, this goes into the general catagory of improving the password-managers heuristic. That's covered by bug 153986 *** This bug has been marked as a duplicate of 153986 ***

Verified Duplicate