OK. Let’s suppose that the active browser tab is displaying the login form at the URL
https://testserver.domain.com/site2, and you wish for
Account5 to be auto-filled.
Clearly, there is no scenario under which your Google account (
Account1) will be matched here so let’s skip to the others.
When Bitwarden checks whether to match the
Account2 credentials to the active login form, it will go through the preference logic outlined above, and first determine that there is no exact match between the active URL and the
Account2 URI (so it will proceed to check if there is a “Host” match); next, it will determine that there is no “Host” match (so it will proceed to check for a “Based Domain” match); in this final test, it determines that the Base Domain of the active URL (
https://testserver.domain.com/site2) does match the Base Domain of the
Account2 URI (
https://workday.domain.com). Hence, it will register this as a match, and therefore offer
Account2 as one of the options for auto-filling the form.
The same thing will happen with the vault item for
Account3: the corresponding URI (
https://training.domain.com) will fail the exact and host matching, but will match on base domain. As a result, the credentials for
Account3 will also be offered by Bitwarden as one of the options for auto-filling the form.
With the vault item for
Account4, the exact match test will fail, but moving on to the “Host” test, Bitwarden will find a match, and therefore will offer
Account4 as one of the options for auto-filling the form.
And clearly, when Bitwarden processes the vault item for
Account5, it will find a match when comparing the exact values of the active URL and the stored URI. Not surprisingly,
Account5 will be offered by the Bitwarden browser extension as one of the options for auto-filling the form.
Therefore, the end result of the preference rules you have proposed will be that when your browser tab contains the login form at the URL
https://testserver.domain.com/site2, the Bitwarden browser extension will find four different accounts that “match” (
If we perform a similar analysis of what would happen when the active URL represents any of the other login forms in the
domain.com domain (i.e.,
https://testserver.domain.com/site1), we would find the same result: the Bitwarden browser extension will always match the credentials for
Thus, as I already noted previously your proposed “preference order” scheme will yield results that are identical to what woudl happen if you simply set the URI Macth Detection rule to Base Domain.