User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 When logging into LiveJournal.com, Password Manager offers to save the login data, and appears to succeed. If you check the password database after logging in, the URL is saved, the username is saved, but the password field is empty. FireFox doesn't seem to realize it failed to grab the password. Reproducible: Always Steps to Reproduce: 1. Log into LiveJournal 2. Tell Password manager to remember the password 3. Examine the password databse after logging in 4. Turn on "Show passwords". Observe that the LiveJournal password is empty. Actual Results: The password field for the LiveJournal entry is consistently empty. Expected Results: Password field should contain my LiveJournal login password. I have verified this on both Linux and Windows 2000 Pro SP4 using the official Mozilla.org Firefox 1.0 release. I have also had it independently confirmed by users from at least one other site, also attempting to log in to LiveJournal. Mozilla captures the password without any difficulty. I have brought the problem to the attention of the LiveJournal support staff, and they are pretty certain it's a Firefox bug rather than anything funky they're doing.

Well, they are certainly doing something funky (though, overall, very very good): the onclick handler for the submit hashes up the username and password and what I guess is a salt, and then to avoid sending the password in cleartext (since only the hash is needed to authenticate), they say |loginform.password.value = "";| before returning. Apparently Firefox doesn't do the password remembering until the onclick returns and the submit() actually fires, by which time the password is blank, and we save it blank. Interestingly, though, Seamonkey doesn't save the typed password, or anything at all, for me: with 20041116, there's no prompt to save, same as in IE. Perhaps you have it saved from before they started doing the blanking? I only see two possible fixes, and they would both probably break many more things, while fixing lj: either we fire the password save before firing the submit's onclick, which is likely to save things that aren't really being submitted since we don't know yet if the onclick is going to return true or false, or, save the state of the form before calling the onclick, and if it returns true then offer to save what it was before, which would break a similar scheme that hashed both the username and the password separately, and changed their values before submitting. So, I'm confirming, but with the expectation that it'll have to be wontfixed.

Wups, didn't realize LJ was using the same login scheme as vBulletin, which makes this a dup. *** This bug has been marked as a duplicate of 257781 ***