GNOME Bugzilla – Bug 591395
PDM: private sessions can see "Personal data" items
Last modified: 2009-09-22 09:47:07 UTC
ssia. If you start epiphany -p you'll be able to see cookies and saved passwords of the normal session.
(In reply to comment #0)
> ssia. If you start epiphany -p you'll be able to see cookies and saved
> passwords of the normal session.
>

No, you won't see the cookies. I'm working on the password thing now.
*** Bug 593626 has been marked as a duplicate of this bug. ***
Created attachment 143423
Prevents PDM from getting keyring passwords in a private session

This patch is just a temporary solution that should be extended by recovering passwords from SoupSession (when the API lets it) and adding new functions similar to the existing ones for gnome keyring (e.g. add, remove, ...), but working with passwords of the actual private session.
Created attachment 143428
Prevents PDM from getting keyring passwords in a private session

(the good patch, the last one is OLD, sorry)

This patch is just a temporary solution that should be extended by recovering passwords from SoupSession (when the API lets it) and adding new functions similar to the existing ones for gnome keyring (e.g. add, remove, ...), but working with passwords of the actual private session.
(In reply to comment #4)
> Created an attachment (id=143428)
> Prevents PDM from getting keyring passwords in a private session
>
> (the good patch, the last one is OLD, sorry)
>
> This patch is just a temporary solution that should be extended
> by recovering passwords from SoupSession (when the API lets it) and
> adding new functions similar to the existing ones for gnome keyring
> (e.g. add, remove, ...), but working with passwords of the actual
> private session.

I had a chat with Dan, and our current understanding of this stuff is as follows:

- Deleting HTTP passwords in general (either in private or normal sessions) is not supported, in the sense that when you have already used them they will still be active even when deleted from the PDM dialog. This does not work in other browsers, and it's a bit of a pain to implement, so we are going to leave that as is for now. What happens when pressing 'Remove' is that the password is deleted from the keyring, which is not exactly the same as deleting it from libsoup for the current session (yeah, this is a bit confusing).
- SoupSession will remember HTTP passwords for the session in private mode, but because we won't allow deleting them it does not make much sense to show them, so doing nothing is OK.
- When we support form auth storage this will have to be revisited.

So I think the patch is OK, but please update the comments to just say that there's no point in showing the HTTP auth in private mode since it's not being used.
Created attachment 143578
Prevents PDM from getting keyring passwords in a private session

Here you are, the same patch, but the comments emphasize the fact that the current HTTP passwords won't be shown in the dialog because we don't allow deleting them. If you want me to change something just tell me. :-)
Thanks, I have pushed this to master (53dc6836904c100dc75c368b9e494eaebcc63416).