Bug 100743 - Wallet pops up all the time
Summary: Wallet pops up all the time
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml forms (show other bugs)
Version: 3.4
Platform: Gentoo Packages Linux
: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 106511 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-03-03 15:21 UTC by Niels
Modified: 2010-09-19 18:32 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Niels 2005-03-03 15:21:51 UTC
Version:            (using KDE KDE 3.4.0)
Installed from:    Gentoo Packages

Using 3.4_rc1.

Whenever I use Konqueror, the requester for the wallet password pops up all the time -- it seems as if it reacts to the domain name only. Like this: I have a password saved for www.example.com/something/login.php but when I go to www.example.com, I get asked for my wallet password.

I couldn't find any duplicates for this thing, tho' it seems an obvious error.
Comment 1 George Staikos 2005-03-03 16:21:52 UTC
On Thursday 03 March 2005 09:21, Niels wrote:
> Using 3.4_rc1.
>
> Whenever I use Konqueror, the requester for the wallet password pops up all
> the time -- it seems as if it reacts to the domain name only. Like this: I
> have a password saved for www.example.com/something/login.php but when I go
> to www.example.com, I get asked for my wallet password.
>
> I couldn't find any duplicates for this thing, tho' it seems an obvious
> error.

  Haven't seen this before.  First make sure that it is konqueror asking.  You 
should also check the kwallet folder to see which entries there closely match 
the url.

Comment 2 Niels 2005-03-07 14:47:30 UTC
I've done some more digging and partially solved the problem:

The problem is on my localhost, on which I have a local Apache running. The start page for Konqueror is http://localhost/webroot/home/index.php which is a plain page without any login forms. This url is not in my wallet. When Konqueror starts, the wallet password requester pops up, but it's KDE that's asking, not Konqueror. I press cancel and it pops up again. I press cancel again and the page loads. But sometimes I have to press cancel for each image on that page. Those images are local files in the same folder.

What I do have, however, is a link on that page to my local phpmyadmin. That link is in wallet/passwords (not wallet/Form Data, since it's not a html form but an Apache password request). After removing that, the whole problem is gone, but now I have to remember my phpmyadmin password myself.
Comment 3 Robert Huitl 2005-03-21 18:22:33 UTC
I observed this bug too.

Since kde 3.4, Konqueror/KHTML opens KWallet for every domain/website that has login data saved, no matter whether it needs it to access a particular page (login uses HTTP AUTH on these pages). This is especially bad because KNewsticker now opens the wallet (well, requests my wallet password) every time it updates the news (I have a password configured for one of the news sites).

Instead, it should wait until it gets an "unauthorized" response and then open the wallet, as it's been the case on KDE < 3.4.

For further clarification: I have an account on heise.de, which I only need to write postings. Anyone can access the page and read news. When I direct Konqueror to heise.de, it opens the wallet, even though there is no need to, and the website DID NOT request an authorization.
Comment 4 Robert Huitl 2005-03-21 20:28:12 UTC
I'd like to add that I observe this behavior only for HTTP AUTH, i.e. only for sites that are listed in KWallet's "Passwords" folder. Form data is handled correctly: KWallet is opened only when the form is displayed.
Comment 5 Malte S. Stretz 2005-04-07 11:55:26 UTC
I just encountered something like this on http://www.fine-party-art.de/

I've got a username etc. there which is stored in KWallet.  My wallet was closed but when I just visited the site, I did not want to log in.  So I pressed Cancel in the wallet password dialog.  But Konqueror continued to ask for *each* file which was loaded from that domain (including all images etc.), I just held down the Escape key but it was still annoying.
Comment 6 Niels 2005-05-06 19:08:09 UTC
Comment #3, 4 and 5: Yes, this is what I'm experiencing as well.

I really hope this problem will be solved with 3.4.1, because it's *happening* *all* *the* *time*, and it's *driving* *me* *up* *the* *wall*. I'm actually using Firefox more because of this.

I'm sorry that I can't code; all I can do is ask nicely: somebody please, please fix this. (And please release 3.4.1 tomorrow while you're at it...)
Comment 7 Tommi Tervo 2005-05-31 10:33:04 UTC
*** Bug 106511 has been marked as a duplicate of this bug. ***
Comment 8 David Anderson 2005-07-27 15:05:30 UTC
I get this too... one interesting case in which it happens is that kwallet asks for my password for a website _with no passwords at all_, but where there is a kwallet entry for ftp for the same host.

i.e. http://www.example.com has no passwords at all anywhere, but kwallet wants to open
ftp://www.example.com has an entry in kwallet.
Comment 9 Jens 2005-07-27 15:36:07 UTC
Yes, I'm having this problem too. On www.rb-hosting.de, there is an IFRAME of a page fetched from www.hitchhikers.de (hitchhikers.de/iframe.php?foo=whatever), containing a search form. When I visit www.rb-hosting.de, KWallet pops up before loading the IFRAME.

I have a login (saved in KWallet) on www.hitchhikers.de/index.php, but the form elements containing the password are NOT in the IFRAME!

So, Kwallet is definitely overreacting in some weird way. Or KDE. Or Konqueror. Or they are all having a party together driving the user insane.

Pleeeeease fix. Or tell me what I need to do to help fix this.

Jens
Comment 10 Martin Steigerwald 2005-09-03 15:48:34 UTC
Hello, I also got this problem. 

I have it with my account at heise.de I only need for writing posts.

I also have this on localhost where I develop web sites. On one URL on localhost it has HTTP AUTH. The credentials of it are saved in kdewallet under passwords under http://localhost instead of the complete URL which triggered the HTTP AUTH request. 

KHTML triggers KWallet on any page of http://localhost even when it does not contain any forms nor does it use HTTP AUTH at all.

I suggest that KHTML saves the URL that triggers the HTTP AUTH request instead of only the domain name. I did yet not happen to see any website with a variable URL for an HTTP AUTH restricted area. And when there is one I would still prefer that KHTML doesn't remember the credentials once instead of popping up KWallet too often.

This would be also good when there are two HTTP AUTH restricted areas with different credentials on the same domain.

Also I recommend only asking for KWallet when a HTTP AUTH request is issued by the web server.

I also experience that it asks for every file loaded when cancel everything. This is when I do it the first time. When I close the Konqueror window after cancelling everything and reopen it to try again it only asked one or two times here.

I am using Debian Etch with KDE 4:3.4.1-1 for the time being. I will move to KDE 3.4.2-2 or later packages as soon enough of my often used KDE applications are migrated to the C++ ABI change.

Regards, 
Martin Steigerwald

 
Comment 11 Martin Steigerwald 2005-09-04 10:14:05 UTC
Well thought about it once more. Saving the URL or even better the HTTP AUTH realm in KWallet wouldn't be suitable to fix this bug as KHTML would need to open KWallet anyway to check the saved URL or HTTP AUTH realm.

So proper fix is indeed waiting for an actual HTTP AUTH request to take place. Saving the HTTP AUTH realm still makes sense to me to support several HTTP AUTH areas on one domain. I don't know whether thats done already, but from looking at the KWallet contents it doesn't seem so.
Comment 12 FiNeX 2010-09-19 18:32:13 UTC
Cannot reproduce with KDE 4.4.5. This bug is no more reproducible.