[SOLVED] Frequent KeepassRPC Authorization on browser start-up (when using multiple browsers or profiles)

documentation

#1

Just wanted to share my findings on finally solving a KeepassRPC authorization problem that has plagued me intermittently for years, despite reviewing the troubleshooting steps listed in the documentation, which did not help. This MAY not apply to or solve everyone’s issue, but it solved mine, and I believe it is possible for it to apply to a good number of realistic configurations and it does not seem to be described in the documentation.

The particular problem I’m describing will only occur if you are using more than one browser or browser profile with a single shared Keepass database.

This could occur if:

  • You have two browsers on different computers with a synchronized or shared browser profile, and a synchronized or shared Keepass database.
  • You have two browser profiles or two browser versions on the same computer, both sharing the same Keepass database.
  • Note that KeePass’s built-in “Synchronize” feature also appears to synchronize KeePassRPC access keys, so even if the physical databases being accessed are separate, if they are synchronized with each other, this problem can still occur.

The issue occurs when the two separate profiles end up using the same “unique” ID to access KeepassRPC, but each using their own actually-unique access key. This results in each browser profile overwriting the other browser’s authorization key. The next profile then tries to access KeepassRPC with its own (now overwritten and thus invalidated) authorization, which fails, so it requests a new one and overwrites it once again. The vicious cycle continues every time a different profile loads the database.

The easiest way to see if this is occurring with your installation is to start one of the affected browser profiles, then open the KeePassRPC options window from within KeePass, and select the Authorized clients tab. Note the “Unique ID” of the active session. Then close that browser, open another profile or browser, and the authorization dialog will likely appear. After that, check the “Unique ID” for the active session again, and if it is the same, then both browsers are sharing the same “Unique ID” and the conflict causes them to overwrite each other’s authorization key.

This situation can be easily repaired by opening about:config, searching for the offending duplicated key, and changing it to something actually unique for each affected browser.

Tested with Keefox specifically, but I am fairly confident Kee 2.0+ could also be affected and repaired in the same way. Hope this helps some people.


Problem with KeePass/KeeFox when using on two browsers
#2

Thanks for taking the time to write this.

Configuration in Firefox 57 (and hence Kee 2.0+) is fundamentally different to earlier versions - there is no built-in support for synchronising settings across different browsers (well, technically there is but it is far too limited to be functional for all but the most trivial of situations… and KeeFox/Kee is not such a trivial case).

When data is migrated from KeeFox to Kee, the unique ID is not preserved so any existing problem with KeeFox would not persist when starting to use Kee.

It’s therefore unlikely that this problem would affect Kee 2.0 users. It’s still possible if people manually mess around with Firefox profiles on the filesystem and clone them in some fashion, but it’s much more difficult to get into that state where the unique IDs become non-unique.

It would also require a different resolution (since about:config is no longer usable by addons). The easiest approach would be to uninstall Kee, restart Firefox and then reinstall it again - Firefox will then delete all configuration for the addon. Unlike in earlier versions of Firefox, v57+ does not allow add-on configuration to remain on the Firefox profile after uninstallation.

Technically, one could modify the ID stored in the config file that Firefox persists to disk for each addon but the specific location of this file is not fixed so if anyone needs to do that, you’ll need to research what the current location is for your version of Firefox on your operating system.


#3

I have the exact same problem with KeePass/KeeFox on two browsers (Firefox 42 and Pale Moon 27.9.2) on one Windows 7 computer. And as you indicated, both are sharing a KeePassRPC “Unique ID”.

But when I go to about:config, on one of the browsers, there are two entries. The first entry has a Preference Name of:
extensions.keefox@chris.tomlinson.KPRPCUsername, and has a Value of, in my case, f7aa4b87 etc.

The 2nd entry has a Preference Name of:
extensions.keefox@chris.tomlinson.KPRPCStoredKey- f7aa4b87 etc., and no Value field entry.

I changed the Value on the 1st entry, but that did NOT change the Preference Name on the 2nd entry. If I try to change the 2nd entry manually, my change is entered in its Value field, and does not change the Preference Name.

So I need a little more clarification on exactly what gets changed where, before I mess up my about:config.

Thanks,

Lex
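
A check for the duplicated “Unique ID” condition discussed in this thread, as an added example that is not part of any post or of KeeFox itself. It assumes each profile's prefs.js holds the preference named in post #3 in the standard `user_pref("name", "value");` form; the profile labels and ID values in the sample are constructed.

```python
import re
from collections import defaultdict

# Preference name as quoted in post #3 of this thread.
ID_PREF = "extensions.keefox@chris.tomlinson.KPRPCUsername"

# Assumption: string prefs are stored one per line as user_pref("name", "value");
PREF_LINE = re.compile(
    r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*"((?:[^"\\]|\\.)*)"\);\s*$'
)

def read_client_id(prefs_text):
    """Return the KeePassRPC unique ID found in one profile's prefs.js text, or None."""
    found = None
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == ID_PREF:
            found = m.group(2)  # keep the last occurrence in the file
    return found

def find_shared_ids(profiles):
    """Map each unique ID used by two or more profiles to the sorted profile labels."""
    by_id = defaultdict(list)
    for label, text in profiles.items():
        cid = read_client_id(text)
        if cid:
            by_id[cid].append(label)
    return {cid: sorted(labels) for cid, labels in by_id.items() if len(labels) > 1}

# Constructed sample: two profiles carry the same ID, a third has its own.
SAMPLE_PROFILES = {
    "firefox-default": 'user_pref("browser.startup.page", 3);\n'
                       f'user_pref("{ID_PREF}", "constructed-id-0001");\n',
    "palemoon-default": f'user_pref("{ID_PREF}", "constructed-id-0001");\n',
    "firefox-work": f'user_pref("{ID_PREF}", "constructed-id-0002");\n',
}

if __name__ == "__main__":
    import sys
    from pathlib import Path
    # Pass prefs.js paths as arguments; with none given, the sample is used.
    profiles = {p: Path(p).read_text(encoding="utf-8", errors="replace")
                for p in sys.argv[1:]} or SAMPLE_PROFILES
    for cid, labels in find_shared_ids(profiles).items():
        print(f"Unique ID {cid} is shared by: {', '.join(labels)}")
```

Any ID reported here is one that more than one profile presents to KeePassRPC, which is the condition the first post identifies as the cause of the repeated authorization prompts.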