Just wanted to share my findings on finally solving a KeepassRPC authorization problem that has plagued me intermittently for years, despite reviewing the troubleshooting steps listed in the documentation, which did not help. This MAY not apply to or solve everyone’s issue, but it solved mine, and I believe it is possible for it to apply to a good number of realistic configurations and it does not seem to be described in the documentation.
The particular problem I’m describing will only occur if you are using more than one browser or browser profile with a single shared Keepass database.
This could occur if:
- You have two browsers on different computers with a synchronized or shared browser profile, and a synchronized or shared Keepass database.
- You have two browser profiles or two browser versions on the same computer, both sharing the same Keepass database.
- Note that KeePass’s built-in “Synchronize” feature also appears to synchronize KeePassRPC access keys, so even if the physical databases being accessed are separate, if they are synchronized with each other, this problem can still occur.
The issue occurs when the two separate profiles end up using the same “unique” ID to access KeepassRPC, but each using their own actually-unique access key. This results in each browser profile overwriting the other browser’s authorization key. The next profile then tries to access KeepassRPC with it’s own (now overwritten and thus invalidated) authorization, which fails, so it requests a new one and overwrites it once again. The vicious cycle continues every time a different profile loads the database.
The easiest way to see if this is occurring with your installation is to start one of the affected browser profiles, then open the KeePassRPC options window from within KeePass, and select the Authorized clients tab. Note the “Unique ID” of the active session. Then close that browser, open another profile or browser, and the authorization dialog will likely appear. After that, again check the “Unique ID” for the active session again, and if it is the same, then both browsers are sharing the same “Unique ID” and the conflict causes them to overwrite each other’s authorization key.
This situation can be easily repaired by opening about:config, searching for the offending duplicated key, and changing it to something actually unique for each affected browser.
Tested with Keefox specifically, but I am fairly confident Kee 2.0+ could also be affected and repaired in the same way. Hope this helps some people.