By Giuseppe Borzi Last update Nov 22, 2009 — Installed 1,570 times.

Script Summary: Login and Password Manager - Cookie based

Version: 0.2

Copyright: 2009 by Giuseppe Borzi

License: GPL


I've made a Midori extension for password management. It can be found here


The code has been reorganised and an hack has been introduced to deal with those
sites that use javascript to encode the password.


This script adds Login/Password management to midori browser (that currently
lacks a password manager), and possibly to any javascript capable browser.
It has only been tested with midori.


Install the script (for midori, simply copy to ~/.local/share/midori/scripts),
choose a master password and place it at line 330 as

LogPwd.mypassword = "the password you want"

then in the preferences dialog of your browser set the expiration date for
cookies to a few years. Your login/password will last until the cookie's
expiration date. By default the script tries to put the expiration to
ten years in the future, but it cannot go beyond the expiration date set by
the browser. For midori the expiration limit is set in Preferences -> Privacy
-> Maximum coockie age.
Please note that if you change your master password the stored login/passwords
will become useless.


When you enter a new login/password pair for a site and hit the "Login" button
a popup will ask you if you want to store the information. If this prompt
doesn't appear, try to submit your login/password pair pressing the "Enter"
Clicking "Yes" will store the pair, so that the next time you'll load that
login page the login and password fields will be filled. Answering "No" to
the confirmation box will popup another confirmation box, asking you if you
don't want to store login password pairs for the site. Answering "Yes" you'll
never be prompted again to store. Answering "No" the login/password pair
won't be stored, but you'll be prompted again next time.
If you enter a new password for an already stored login, a popup will ask
if you want to store the new password. Entering a new login/password pair
for a site that has already one or more stored pairs will store the new pair
along with the previous ones.
When multiple login/password pairs are stored, a menu listing the possible
login will appear. This menu lets you delete its entries, i.e. your
login/password pairs one at a time. The menu disappears when there is only
one login/password pair left.
Login/password pairs can be managed with the cookie manager of the browser.
In midori, open the cookie manager and filter the cookies with "logpass".
Deleting a cookie will delete the corresponding login information. The cookie
data is a string with the following format


where "n" is the number of stored login/password pairs in the cookie. n=0 means
that no login/password information will be stored. The encryption is done
using the TEA algorithm, more info on this algorithm can be found in the


I've made a couple of hacks to make the script work with some problematic
sites, but it may still fail to store the login/password pair on other sites.
So, suppose there is a site "http://www.averystrangelogin.com", and "mylogin"
"mypassword" are your login/password pair and the script fails to store them.
You can still automatically fill the login/password fields with this hack:
open the script and go to the last lines, where you'll find this line of code


change it to

if(location.href.indexOf("http://www.averystrangelogin.com")==0) {
} else {


If you notice that Midori slows down after some time you installed this script, this may be due to the high number of cookies stored by the browser. This number can become very high because the expiration date is far in the future. To solve this problem you'll have to delete the cookies that don't store login/password pairs. A quick way to do this is from the command line
$ grep logpass ~/.config/midori/cookies.txt > cookies.txt
$ mv cookies.txt ~/.config/midori/cookies.txt
please note that these commands will delete all your cookies except those containing login/password pairs.</encrypted></encrypted></encrypted>