Do not let browser save password

Asked

Viewed 621 times

2

I need to make the browser does not save the user password, I have tried autocomplete="off", autocomplete="new-password", already put in the form of the page autocomplete="off", but even so the browser asks to save the password, how can I not let save? Or the countryside won’t even ask ?

 <asp:TextBox ID="txtsenha" AutoCompleteType="Disabled" CssClass="form-control" runat="server" autocomplete="new-password" type="password" placeholder="Senha"></asp:TextBox>

I tried to include this line before, to fool the browser:

 <input style="display: none" />

I also tried to put with the same name to trick the browser, and no way it worked, someone has some effective example to help me?

  • I’m not sure if it works, but you’ve tried setting the attributes TextMode="Password", EnableViewState="false" and AutoComplete="off" in the ASP field?

  • I didn’t try, but I took the test now, and it didn’t work either.

2 answers

1


I can not say, but I believe that in most browsers put themselves in the tag <form> should work:

<form action="baz.aspx" method="post" autocomplete="off">

Of course regardless of this, this is something of user control, is a facilitator, I think it should be user choice whether or not he wants to save.

Of course there are alternative solutions that might solve the problem, like using a form false combined with Ajax, ie would probably not even use asp:TextBox runat=server for example (should not be within form):

<div id="meu-form" data-url="foo.aspx" data-location="/dashboard/">
    <input name="login" autocomplete="off">
    <input name="pass" autocomplete="off">
    <button class="logar">Logar</button>
</div>

And in Ajax it would look like this:

var form = document.getElementById('meu-form'),
    requesting = false;

actLogon.onclick = function() {
    if (requesting) return;

    //Bloqueia as requisições enquanto estiver logando
    requesting = true;

    var action = form.dataset.url;
    var loc = form.dataset.location;

    var actLogon = form.querySelector('button.logar');
    var login = form.querySelector('login');
    var pass = form.querySelector('pass');

    //Variaveis que vão para o servidor
    var variaveis = [
         "login=" + encodeURIcomponent(login),
         "pass=" + encodeURIcomponent(pass)
    ].join("&");

    //Ajax
    var oReq = new XMLHttpRequest;

    oReq.open("POST", action, true);

    //Função assíncrona que aguarda a resposta
    oReq.onreadystatechange = function()
    {
        if (oReq.readyState === 4) {
            if (oReq.status === 200) {
                if (oReq.responseText === "sucesso") {
                    window.location.replace(loc);
                } else {
                    alert("Erro: " + oReq.responseText);
                }
            } else {
                alert("Erro: " + oReq.status);
            }

            actLogon = false;
        }
    };

    //Envia a requisição, mas a resposta fica sendo aguardada em Background
    oReq.send(variaveis);
};

Explaining the code:

  • The <div id="meu-form" data-url="foo.aspx" data-location="/dashboard/"> will take the place of the form

  • The data-url="foo.aspx" must contain the URL value that will be used only for the ajax

  • The data-location="/dashboard/" must contain the target URL, that is the screen after the user is logged in

  • As variaveis should contain the keys and values that will pick up the Ajax page (foo.aspx is only one example)

    var variaveis = [
         "login=" + encodeURIcomponent(login),
         "pass=" + encodeURIcomponent(pass)
    ].join("&");
    
  • Your aspx should return only the text sucesso in the response to Ajax, if the login was correct:

    if (oReq.responseText === "sucesso") {
        window.location.replace(loc);
    } else {
        alert("Erro: " + oReq.responseText);
    }
    

    Otherwise it will display the alert with an error message, which you can customize.

In the foo.aspx (regardless of the name you give), should look something like:

context.Response.ContentType = "text/plain";

var login = context.Request.Form["login"];
var pass = context.Request.Form["pass"];

//Faz o login aqui

if (/*Se o login estiver correto*/) {
    context.Response.Write("sucesso");
} else {
    context.Response.Write("Erro");
}

context.Response.End();
  • I did this on my page, but it did not work, still giving the option, for security reasons, was decided by the team, not to let the user save the password.

  • @marianac_costa see if you can understand the example in Ajax that I did

  • @marianac_costa edited the answer to add a few more explanations

0

Seeing this reply of OS

Missed to set the type="password" in the input hidden'. It is also necessary that this input come before the input that will really be used.

<form>
    <div style="display: none">
         <input  type="password" />
    </div>

    <asp:TextBox ID="txtsenha" AutoCompleteType="Disabled" CssClass="form-control" runat="server" autocomplete="new-password" type="password" placeholder="Senha"></asp:TextBox>
</form>
  • I tried that way, but it didn’t work either.

  • Ever tried to leave in a div hidden? edited the answer

  • Also did not work, I did the test putting one before, and one after txtsenha, but also did not solve.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.