Password generator doesn't generate new password in the same session

Is it a bug or a feature?<p>Depending on the exact wording, I completely expect the browser to suggest the same password for the same website in the same session for the same user.<p>Websites are crap and sometimes you need to enter the same password twice before the browser has gotten the notice to actually save the first one.

Could be &quot;fixed&quot; by showing two entries: &quot;previous password&quot; and &quot;new password&quot;.<p>This will change the ui a bit though.

Can someone explain me what the issue is with this? Not a hypothetical reason, but a real life example?

And here<p><a href="https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=1786712" rel="nofollow">https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=1786712</a><p>This is sort of a ridiculous bug, tbh. What rationale could this be &quot;currently by design&quot;?

Most recent issue that tracks this is <a href="https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=1551723" rel="nofollow">https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=1551723</a>

This is pretty absurd and goes against every expectation I&#x27;d have of a password generator. The only reason I can think of it being useful is if the site has a separate screen for a confirm password field, but even then the password should be saved in the password manager the first time it is submitted.

&gt;This is currently by design<p>What?

If you are on a UN*X Type system, you can create your own random passwords very easily.<p>tr -cd &quot;[:alnum:]&quot; &lt; &#x2F;dev&#x2F;urandom | fold -w 20 | sed 10q<p>So I have no need for these fancy password generators :)

This is quite easy to reproduce. Wow.<p>IMO they should just remove the password generator feature. It&#x27;s barely usable, and with this behavior it&#x27;s just dangerous.<p>Why barely usable? Some really simple features are missing. I miss the ability to specify password requirements - for annoying sites which specify length, require so and so many these and those types of characters, or even forbid some types. And another one is that it&#x27;s not possible to manually generate a password, not even in the password storage UI, when manually adding a new entry. So, if a site did not correctly declare a password field, which happens, you must generate a password yourself somehow.

Has anyone the time to do a code review on that: I would not be surprised if there&#x27;s even less entropy in Firefox generated passwords than the bug report might indicate (e.g. just uses time and domain as random seed).<p>If that&#x27;s the case it would make a new &quot;named&quot; vulnerability (FOXHOLE, FIREBLEED, whatever).