Forum sometimes doesn't like password manager like Dashlane

[AlTech]

Hi there,

I'm posting this cos I've experienced this a few times recently.

 

Basically sometimes the forum decides it doesn't like password managers like Dashlane and when I'm on a forum page when signed out and click on signing in, dashlane automatically fills in the details and either automatically logs me in or I have to manually press the login button.

 

The forum then can sometimes give me an error such as this:

 

I've had some difficulty replicating the issue.

 

Info:
Firefox 66.0.2 on Windows 10 v1809 with the latest updates.

Screen resolution is 1920x1080.

Specs are my Desktop specs in signature.

 

I do also have the Dashlane browser extension installed because it is my password manager. I also have a few other extensions but none of them are at all involved with this.

 

Thanks much.

[colonel_mortis]

I've not used dashlane, but are you able to see which fields it's trying to fill? It looks like it's trying to fill the csrfKey field, which would mean that it's dong weird stuff. If you can delete that field from the autofilled fields, it should stop breaking.

 

The csrfKey field is a hidden field with a value that is unpredictable and changes each time you start a new session (approximately whenever you close all your ltt tabs), which is used to prevent someone from tricking you into clicking a link which does an action on LTT (for example, someone could make a link which causes you to submit a new post with content of their choosing, but because they don't know the correct value for the CSRF key it will be blocked).

 

My point is that the CSRF key is a security feature which  will not be changed. If it is causing incompatibility with Dashlane then changes will be required on their end. I'm happy to work with them to resolve it, though I would imagine that it breaks many more sites than just LTT.

[AlTech]

37 minutes ago, colonel_mortis said:

I've not used dashlane, but are you able to see which fields it's trying to fill?

The only fields that I can see it filling are my username and password fields. I don't see any other field it tries to fill on LTT.

37 minutes ago, colonel_mortis said:

It looks like it's trying to fill the csrfKey field, which would mean that it's dong weird stuff. If you can delete that field from the autofilled fields, it should stop breaking.

 

I'll need to double check if this is an option later.

37 minutes ago, colonel_mortis said:

The csrfKey field is a hidden field with a value that is unpredictable and changes each time you start a new session (approximately whenever you close all your ltt tabs), which is used to prevent someone from tricking you into clicking a link which does an action on LTT (for example, someone could make a link which causes you to submit a new post with content of their choosing, but because they don't know the correct value for the CSRF key it will be blocked).

 

My point is that the CSRF key is a security feature which  will not be changed. If it is causing incompatibility with Dashlane then changes will be required on their end. I'm happy to work with them to resolve it, though I would imagine that it breaks many more sites than just LTT.

Would writing something this help explain the issue to them?

 

[colonel_mortis]

30 minutes ago, AluminiumTech said:

Would writing something this help explain the issue to them?

 

Yes, though I'd recommend also including a link to ltt (or this topic) and/or checking the box to send the HTML.

[AlTech]

A small update. I reported the issue to them.