13

Google Chrome seems to be saving passwords on a per site basis, but I'm developing a site where I'd like to have different http authentication details depending on the directory accessed AND have Chrome remember this.

That is to say, http://example.com/a and http://example.com/b have different http user/password combinations. I'd like Chrome to remember both, such that when I enter http://example.com/a I'm accessing with the corresponding user/password combo for /a, and likewise for /b. If I use the built in function to save passwords in Chrome, the browser saves both user/password combinations for http://example.com globally and doesn't remember which one to use depending on the address, instead defaulting to one of them for any address accessed on http://example.com

Is there any way around this, besides setting up different subdomains for each directory?

  • 2
    Wow this is from 2013 and in version 57, 2017 this is still not fixed... And this is the browser that has nearly 60% market share? – Alain Pannetier Apr 15 '17 at 16:19
  • 2
    @AlainPannetier yep, to this day I still haven't found a workaround, I just resort to using subdomains or inputting passwords manually every time. – Mahn Apr 15 '17 at 21:14
  • 2
    lol. I've been moaning decades about closed source and now I have a problem with open source: I just want to clone and customise everything. Chromium is easy (albeit lengthy) to rebuild. But their developers have become so arrogant, as their market share increased, that I'm only using it for development. And I just rolled back to 52 because opening the devtools in 57 just... crashed chrome. I might give it a try though. I'll let you know. – Alain Pannetier Apr 16 '17 at 2:53
  • @AlainPannetier the thing with Chromium is that the code base is enormous, I get the feeling it would be easier to refactor the entire linux kernel than making an interface change there. I found it too daunting but maybe you have better luck than me there. – Mahn Apr 16 '17 at 17:16
  • 1
    Do all paths specify the same HTTP authentication "realm", or are they separate? – grawity Jan 13 at 17:08
0

Build a simple Chrome plugin that can use the form id or name and get the data (if it is just username and password) and store it each time you click submit. Storage can be an offline text file with little or no encryption. Or somehow use some API for passwords.google.com and store it manually. That way Chrome will get the passwords from your Google account. Alternative: Introduce a (vulnerability) JavaScript to website and send it to passwords.google.com to store it using an API if available.

  • The question is about HTTP authentication, i.e. this: i.imgur.com/WsXRu7J.png. That cannot be hijacked with a plugin or javascript. – Mahn Jan 13 at 16:32
0

If you specify different realms for the different subfolders, Chrome will behave properly, for example this works just fine in nginx:

    location /gabinete-rivera {
        auth_basic "Hijos de Rivera";
        auth_basic_user_file /home/www/public/gabinete-rivera-app/.htpasswd;
        index  index.php index.html;
        try_files $uri $uri/ /index.php?$query_string;
    }

    location /gabinete-gases {
        auth_basic "Gases Fluorados";
        auth_basic_user_file /home/www/public/gabinete-gases-app/.htpasswd;
        index  index.php index.html;
        try_files $uri $uri/ /index.php?$query_string;
    }
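
The same per-directory realm setup outside nginx, as an added example that is not part of the answer above: a minimal Python server that challenges `/a` and `/b` with different realms, so each directory gets its own protection space. The paths, realm names and credentials are constructed placeholders.

```python
import base64
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: path prefix -> (realm, user, password).
AREAS = {
    "/a": ("Area A", "alice", "a-secret"),
    "/b": ("Area B", "bob", "b-secret"),
}

def basic_header(user, password):
    """Build the Authorization header value a client sends for Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def match_area(path):
    """Return the (realm, user, password) tuple guarding this path, or None."""
    for prefix, area in AREAS.items():
        if path == prefix or path.startswith(prefix + "/"):
            return area
    return None

def check(path, auth_header):
    """Return (status, realm); realm is set only when a 401 challenge is due."""
    area = match_area(path)
    if area is None:
        return 404, None
    realm, user, password = area
    expected = basic_header(user, password)
    # Constant-time comparison avoids leaking how much of the value matched.
    if auth_header and hmac.compare_digest(auth_header.encode(), expected.encode()):
        return 200, None
    return 401, realm

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        path = self.path.split("?", 1)[0]
        status, realm = check(path, self.headers.get("Authorization"))
        self.send_response(status)
        if realm:
            # RFC 7235: origin plus realm define the protection space that
            # credentials belong to, so each directory needs its own realm.
            self.send_header("WWW-Authenticate", f'Basic realm="{realm}"')
        self.end_headers()
        self.wfile.write(f"{status}\n".encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Credentials that are valid for `/a` are rejected on `/b` with a fresh challenge naming the other realm, which is what lets the client tell the two logins apart.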
