1Click or Go and Fill works ONLY every other time with USAA

I have a number of 1Click bookmarks and most work just fine. I just set up my USAA account with 1Password and the login from the browser extension seems to work every time if I type in the URL. However, clicking the arrow by the URL in the 1Password app login item or clicking the 1Click bookmark only works every other time. One time it will fill the form and submit, the next time it doesn't fill anything, then the next time it works again and so on. That behavior is completely consistent: works every other time, never two times in a row.

In contrast, my Wells Fargo login works correctly every time. So does my Citibank. I don't recall any others that fail like USAA but there might be some I use only rarely and have forgotten about.

I've created the USAA login manually and I've created it by filling out the form and saving before submitting. What can I look for to fix this?

Safari 6.04, 1Password 3.8.21, OS X 10.8.3

Comments

  • khad
    khad
    1Password Alumni

    I'm sorry that you are having some trouble.

    Does it make a difference if you open a new tab each time? When you are testing and seeing success on alternating attempts, are you reusing the same tab?

    What version of the 1Password extension do you have installed in Safari?

  • jtucker
    jtucker
    Community Member

    Extension version is 3.9.14

    Most of my testing was opening a new Safari window each time. Doing that, I get perfectly consistent results: One time it fails, next time it works, third time it fails, fourth time it works, and on and on.

    By failure, I mean that it opens the URL but does not fill the username/password fields.

    I just now tried closing Safari between tests. Doing that, it never works the first time but always works the second. Same as above.

    I also just tried opening new tabs. Same results: works on alternate clicks of the bookmark. That is true whether I do it within the same tab as the first attempt, in a second tab with the first still open, or in a new tab after closing the first.

    This never happens with WellsFargo or Citibank. Quite a mystery to me. The process seems to be the same on all three; and there are no obvious visible differences in the initial page at the USAA URL between the different clicks of the bookmark; the URL is the same for each click of the bookmark.

    I'm happy to do all the testing you need if you can tell me what to try.

  • khad
    khad
    1Password Alumni

    Could you try the beta version of the Safari extension?

    https://agilebits.com/extensions/mac/safari.html?beta=y

    Let me know if you experience the same thing.

  • jtucker
    jtucker
    Community Member
    edited June 2013

    Loaded the beta extension. It shows as beta under Safari Preferences. Same results, unfortunately.

    Edit: If it helps, the behavior is exactly the same under Chrome Version 27.0.1453.93

  • jtucker
    jtucker
    Community Member
    edited June 2013

    More info:

    If I log on to the USAA website, then log off, it gives me a page that has a "log on" button (but no fields to fill in). If I then click the log on button, it brings up a page with the username/password fields. From there, if I click my 1Click bookmark, it fills in the fields and logs me on every time. EVERY time.

    But from any other page it only works every other time. In the grander scheme this is pretty minor, though annoying. But clearly, there's something squirrely going on.

    My Wells Fargo, Citibank, Amazon, AT&T, and Atmos Energy 1Click bookmarks work every time, regardless of what page I'm on when I click them.

    NOTE: After logging off, if I don't click the "log on" button, but simply click the 1Click bookmark from the "you are successfully logged off" page, it fails every other time as usual. So, it appears that it only works every other time the log on page with the fields appears, regardless of how that page was reached...whether from a button on a different USAA page or via an initial click of the 1Click bookmark.

  • khad
    khad
    1Password Alumni

    It sounds like it might be some sort of session problem on the USAA site if you're seeing the problem in multiple browsers and it doesn't happen for any other site. I'll see if anyone else on the team has a USAA account so we can test this more.

  • jtucker
    jtucker
    Community Member
    edited June 2013

    I'm happy to help with any kind of diagnostics if you can tell me what to do. Browser internals are pretty much a mystery to me but I have Develop menu turned on so I can send whatever you need from there. A few things:

    1. I turned off auto-submit for this login and looked at the instance where it worked and the one where it didn't with the Web Inspector. One glaring difference shown by the Web Inspector is on the summary on the right side of the Inpector output: when it works, the Inspector shows the Request & Response having "Method POST". On the one where it fails, it shows "Method Get". The code for the username field is a "POST" in both cases. I've no clue what the difference means or why it's different.

    2. Having turned off auto-submit, if I simply go to a different website (not USAA.com) after 1Password fills in the login fields (without actually clicking "Log on"), then use the 1Click bookmark again, it fills in the fields every time. If I do go ahead and log in then log off and use the 1Click again, this time it fails.

    3. I've tried clearing cookies and cache between all these attempts and that has no effect, so it's NOT quite so simple as that. I use Cookie and make sure there's no Flash or other such data being kept in addition to regular cookies.

  • khad
    khad
    1Password Alumni

    It sounds like the form is different once you log off.

    What is the URL in the 1Click Bookmark? What is the URL you are trying to fill after logging off?

  • jtucker
    jtucker
    Community Member
    edited June 2013

    It seems that way, but the URL is the same in the case when it succeeds and when it fails. Anyway, here are the URLs

    Upon clicking the Log Off button (after having logged on): https://www.usaa.com/inet/ent_logon/Logoff?wa_ref=pri_auth_nav_logoff

    Upon clicking the Log On button (from the above Log Off page): https://www.usaa.com/inet/ent_logon/Logon

    My 1Click bookmark URL (minus the 1Password part): https://www.usaa.com/inet/ent_logon/Logon?onepasswdfill=*************

    If I start from a tab or window at Google.com (for example) and click the bookmark, one time it takes me to https://www.usaa.com/inet/ent_logon/Logon and does nothing else. The next time I start from Google.com and click the bookmark it takes me to https://www.usaa.com/inet/ent_logon/Logon and fills in the username/password fields. And if I have Auto-Submit on, then it continues with the log on.

    Clicking the entry in the browser extension while at https://www.usaa.com/inet/ent_logon/Logon ALWAYS fills in the fields. ALWAYS.

    I've checked some other 1Click bookmarks (BOMC.com, Progressive.com, Fidelity.com, Netflix.com) which work without fail. I haven't tried all of my bookmarks but of the ones I've tried, only USAA has this problem.

    There's clearly something odd going on. I don't know how to trace the details but it certainly appears that something related to the "onepasswdfill" is messed up. Doesn't make any sense to me.

  • jtucker
    jtucker
    Community Member
    edited June 2013

    Some more info from a few tests just now, closing Safari (and clearing any cookies) between each test, clicking the 1Click bookmark from my Apple start page in Safari:

    1. It always fails the first time after restarting Safari. Always.
    2. it always succeeds the second time after restarting Safari, even if I go back to the Apple start page and clear all cookies between clicks (not a second restart of Safari, BTW, just a second click of bookmark in same Safari instance and window where it failed moments earlier)
    3. I opened the Show Page Source window and saved the HTML from both failure and success, loading them into TextWrangler and checking differences. There are quite a few differences but it's 2500 lines and my HTML knowledge is too rudimentary to understand their significance:

    a. Failure includes a Yahoo speed detection script that the succes does not

    b. There are a handful of references to things like "gen1" and "gen2" in the respective files, where a suffix differs.

    c. Failure references a redirect on the logon URL in some wrapper section, success does not

    d. Some things have a "hidden" attribute in the failure, generally not in the success

    e. At least one item has a different screen position ... I'm not sure it's related to any logon item.

    I guess it's pretty clear that the page is dynamic and differs from first to second iteration. But if I'm clearing all kinds of cookies and cache between runs, how does it know that?

    And more importantly, what about those differences is throwing off the 1Password fill? To the human eye, the two pages are identical.

  • khad
    khad
    1Password Alumni

    Does it make a difference if you change the URL in the Login item to https://www.usaa.com/inet/ent_logon/Logoff?wa_ref=pri_auth_nav_logoff and then create a new 1Click Bookmark based on that? I wonder if the URL parameter (the part after the question mark) is making a difference.

  • jtucker
    jtucker
    Community Member

    Interesting idea. It changed the behavior, not in a good way. It breaks it completely by leaving me at the "logged off" page. Interestingly, the first time I clicked the new bookmark the URL was

    https://www.usaa.com/inet/ent_logon/Logoff?wa_ref=pri_auth_nav_logoff&akredirect=true

    The second time, it did not have the "&akredirect=true". But neither did any subsequent clicks from any starting page.

    I know that the redirect is one of the differences in the HTML source between working and non-working. But I don't know enough to figure out why it includes that every other time.

    It seems to me that some of the non-visible differences in the HTML on alternate loads must be throwing off 1Password's parsing to detect the username and password fields. I don't understand why it's different; could they be using the equivalent of a server-side cookie? Perhaps they calculate the time since last execution of the speed test and run that speed test again after some specified time has elapsed, thus the slightly different HTML. It's not a cookie on my system.

    I'll run some more tests, delaying between successive clicks. If my guess is correct, then some amount of delay will cause it to fail consecutively because it'll load the same version of the HTML each time.

  • jtucker
    jtucker
    Community Member

    And the answer is "yes, if I wait some amount of time between tries of the 1Click bookmark, it will fail each time." How long I have to wait is not certain -- 15 minutes is too short, 4 hours is long enough. Recall that the problem is that the 1Click bookmark fails to fill the fields every other time when tried it quick succession, succeeds the intervening tries.

    None of that explains what it is that is causing 1Password fill to fail. The pages are visibly identical, but the HTML sources have several differences. I can send you the source of the pages if you like.

  • khad
    khad
    1Password Alumni

    Thank you for all your efforts on this. They are greatly appreciated!

    I can send you the source of the pages if you like.

    That would be great. Please be sure to send them as Web Archive so we get all the bits and pieces not just the HTML. Then attach the entire files to an email to us: support@ agilebits .com

    Please include a link to this thread in your email so that we can "connect the dots" when we see them in our inbox. :)

    Thanks again for your efforts thus far, and thanks in advance for the Web Archives!

  • jtucker
    jtucker
    Community Member

    Okay, I'll do that shortly. I'm traveling for another couple days and will send later this week.

  • khad
    khad
    1Password Alumni

    Take your time. We are a bit busier lately due to the sale anyway. :D

    Thanks so much!

This discussion has been closed.