Search Mailing List Archives
weblogin form username and password autosave
youngseph at gmail.com
Thu Jan 10 11:05:54 PST 2013
thanks a lot, it works !
Orange Key: 35745318S1
On Thu, Jan 10, 2013 at 11:51 AM, Tom Jones <tom.jones at it.ox.ac.uk> wrote:
> > > YANG ChengFu <youngseph at gmail.com> writes:
> > >
> > > > as I know webauth does not allow web browser to save username and
> > > > password in weblogin form, I guess it is for security reason, but
> > > > in our company complain a lot, so I am wondering if it is possible to
> > > > enable it to save username or username/password?
> > On Wed, Jan 9, 2013 at 8:26 PM, Russ Allbery <
> eagle at windlord.stanford.edu>wrote:
> > > I'm not sure what you mean by saving. Do you mean the browser support
> > > saving frequently-used form data, prefilling the fields from a cookie,
> > > something else?
> * YANG ChengFu <youngseph at gmail.com> [2013-01-10 10:27 -0500]:
> > yes, I want to prefilling field from cookie, thanks for your suggestion,
> > will take a look at it 1
> Before you pursue the cookie route, I'll just expand on something else Russ
> mentioned, which is "browser support for saving [...] form data", as this
> was definitely how I interpreted your initial question. The login form in
> login.tmpl (the *.tmpl files are the ones that are designed to be routinely
> customisable by most sites) has:
> Although it's not quite true to say that this doesn't allow the browser to
> save the username and password, most browsers will obey this hint and
> decline to offer their usual form filling and password remembering
> functionality for this form.
> Removing the autocomplete="OFF" attribute isn't necessarily a bad idea in
> all cases, but should be done with an understanding of how it can affect
> relevant risks, which in turn depend on many aspects of client
> and user behaviour, and will vary from organisation to organisation.
> Tom Jones
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the webauth-info