ericwoodruff/passwordhasherplus

Changed site tag is ignored on in-page-hash generation

Closed this issue · 1 comments

Use case is two websites domain1.com and domain2.com sharing the same credentials.

I visit domain1.com and create an account using password hasher using the default site tag "domain1".

Now i visit domain2.com and try to login. This fails at first, because the default site tag is "domain2". Now I change it in the extensions' popup to "domain1". However, the hash generated in the page's login form is still for "domain2". If I re-visit the page, the site tag actually is remembered as "domain1", so this part works for me.

Today I had a smiliar scenario, however it worked out today. So it seems I have to make further investigations if I can safely reproduce the issue. Closing this issue for now. Sorry for the noise.