Do not let browser Save Password
I need to make the browser not save the user password, I have tried autocomplete= "off", autocomplete="new-password", I have put in the page form autocomplete="off", but even so the browser asks to save the password, How can I do not let save? Or the field does not even ask ?
<asp:TextBox ID="txtsenha" AutoCompleteType="Disabled" CssClass="form-control" runat="server" autocomplete="new-password" type="password" placeholder="Senha"></asp:TextBox>I tried to include this line before, to trick the browser:
<input style="display: none" />I also tried to put with the same name to cheat the browser, and no way worked, Does anyone have any effective example to help me?
2 answers
I can't say, but I think that in most browsers putting the tag <form> should work:
<form action="baz.aspx" method="post" autocomplete="off">
Of course regardless of this, this is something of user control, it is a facilitator, I think it should be user choice whether or not he wants to save.
Of course there are workarounds that maybe solve the problem, like using a fake form combined with Ajax, i.e. probably wouldn't even use asp:TextBox runat=server for example (shouldn't stay inside from form):
<div id="meu-form" data-url="foo.aspx" data-location="/dashboard/">
<input name="login" autocomplete="off">
<input name="pass" autocomplete="off">
<button class="logar">Logar</button>
</div>
And in Ajax it would look like this:
var form = document.getElementById('meu-form'),
requesting = false;
actLogon.onclick = function() {
if (requesting) return;
//Bloqueia as requisições enquanto estiver logando
requesting = true;
var action = form.dataset.url;
var loc = form.dataset.location;
var actLogon = form.querySelector('button.logar');
var login = form.querySelector('login');
var pass = form.querySelector('pass');
//Variaveis que vão para o servidor
var variaveis = [
"login=" + encodeURIcomponent(login),
"pass=" + encodeURIcomponent(pass)
].join("&");
//Ajax
var oReq = new XMLHttpRequest;
oReq.open("POST", action, true);
//Função assíncrona que aguarda a resposta
oReq.onreadystatechange = function()
{
if (oReq.readyState === 4) {
if (oReq.status === 200) {
if (oReq.responseText === "sucesso") {
window.location.replace(loc);
} else {
alert("Erro: " + oReq.responseText);
}
} else {
alert("Erro: " + oReq.status);
}
actLogon = false;
}
};
//Envia a requisição, mas a resposta fica sendo aguardada em Background
oReq.send(variaveis);
};
Explaining the code:
-
The
<div id="meu-form" data-url="foo.aspx" data-location="/dashboard/">will stand in place of the form The
data-url="foo.aspx"must contain the value of the URL that will be used only for ajax-
The
data-location="/dashboard/"must contain the destination URL, i.e. the screen after the user is logged in -
The
variaveismust contain the keys and values you will pick up on the Ajax page (foo.aspxis only an example)var variaveis = [ "login=" + encodeURIcomponent(login), "pass=" + encodeURIcomponent(pass) ].join("&"); -
Your aspx should return only the text
sucessoin the response to Ajax, if the login was correct:if (oReq.responseText === "sucesso") { window.location.replace(loc); } else { alert("Erro: " + oReq.responseText); }Otherwise it will display
alertwith an error message, which you can customize.
In foo.aspx (regardless of the name it gives), it should look something like:
context.Response.ContentType = "text/plain";
var login = context.Request.Form["login"];
var pass = context.Request.Form["pass"];
//Faz o login aqui
if (/*Se o login estiver correto*/) {
context.Response.Write("sucesso");
} else {
context.Response.Write("Erro");
}
context.Response.End();
Seeing this response from OS
Failed to set type="password" to input hidden'. It is also necessary that this input comes before the input that will actually be used.
<form>
<div style="display: none">
<input type="password" />
</div>
<asp:TextBox ID="txtsenha" AutoCompleteType="Disabled" CssClass="form-control" runat="server" autocomplete="new-password" type="password" placeholder="Senha"></asp:TextBox>
</form>