Changed site tag is ignored on in-page-hash generation
Closed this issue · 1 comments
jowi24 commented
Use case is two websites domain1.com and domain2.com sharing the same credentials.
I visit domain1.com and create an account using password hasher using the default site tag "domain1".
Now i visit domain2.com and try to login. This fails at first, because the default site tag is "domain2". Now I change it in the extensions' popup to "domain1". However, the hash generated in the page's login form is still for "domain2". If I re-visit the page, the site tag actually is remembered as "domain1", so this part works for me.
jowi24 commented
Today I had a smiliar scenario, however it worked out today. So it seems I have to make further investigations if I can safely reproduce the issue. Closing this issue for now. Sorry for the noise.