Can Safari & iCloud Keychain play nice with subdomains?
March 7, 2023 11:26 AM
I use Safari saved passwords and iCloud Keychain as my password manager. For the most part it works very well, and it greatly simplifies my life. Unfortunately, it doesn't understand that subdomains may need different login credentials, and this makes it useless for that subset of websites.
This comes up a lot when when an SAS provider gives each client a subdomain. For example, there could be wheelock.campintouch.com, farmandwilderness.campintouch.com, and newarts.campintouch.com. Each of these is a separate instance, for managing registration and camper information at a different camp. But Safari thinks that they should all be using the same login.
I've also seen this with Salesforce, lots of job application processors, etc.
Is there any way to make Safari saved passwords work well with this scenario, or do I need to manage it by hand or use a different password manager?
This comes up a lot when when an SAS provider gives each client a subdomain. For example, there could be wheelock.campintouch.com, farmandwilderness.campintouch.com, and newarts.campintouch.com. Each of these is a separate instance, for managing registration and camper information at a different camp. But Safari thinks that they should all be using the same login.
I've also seen this with Salesforce, lots of job application processors, etc.
Is there any way to make Safari saved passwords work well with this scenario, or do I need to manage it by hand or use a different password manager?
Um. I do this all the time with Safari and iCloud and it generally works the way I want it to. For instance I have my own personal domain (let's call it example.com) and Safari pops up different, correct saved credentials for firewall.example.com, wireless.example.com, and webmail.example.com. When I really do have multiple accounts saved for the same site (e.g. two different Citi credit card accounts) Safari always has the "Other Passwords for citi.com" thing in the autofill popup. It's an extra couple clicks, which might be what you're complaining about, but it does correctly save both sets of credentials.
I think there may be an issue if the site requiring the login creates the session using just the top level example.com domain, though. You can tell if this is happening if you have two browser windows open and try to log into two different sites simultaneously. If you've logged in to wheelock in one window and then log into farmandwilderness in another, will your first window still be logged in, or does that session get invalidated? If that's the issue, then the service provider needs to stop doing their session management that way and Safari / iCloud has nothing to do with it, although you could work around it by hitting each site in its own Private Window (or do one in Safari, one in Firefox, and one in Chrome, but ugh).
posted by fedward at 1:17 PM on March 7, 2023
I think there may be an issue if the site requiring the login creates the session using just the top level example.com domain, though. You can tell if this is happening if you have two browser windows open and try to log into two different sites simultaneously. If you've logged in to wheelock in one window and then log into farmandwilderness in another, will your first window still be logged in, or does that session get invalidated? If that's the issue, then the service provider needs to stop doing their session management that way and Safari / iCloud has nothing to do with it, although you could work around it by hitting each site in its own Private Window (or do one in Safari, one in Firefox, and one in Chrome, but ugh).
posted by fedward at 1:17 PM on March 7, 2023
This thread is closed to new comments.
posted by number9dream at 12:29 PM on March 7, 2023