> > YANG ChengFu <[email protected]> writes:
> >
> > > As far as I know, webauth does not allow the web browser to save the
> > > username and password in the weblogin form. I guess it is for security
> > > reasons, but people in our company complain a lot, so I am wondering if
> > > it is possible to enable it to save the username or username/password?
> On Wed, Jan 9, 2013 at 8:26 PM, Russ Allbery <[email protected]> wrote:
>
> > I'm not sure what you mean by saving. Do you mean the browser support for
> > saving frequently-used form data, prefilling the fields from a cookie, or
> > something else?

[...]

* YANG ChengFu <[email protected]> [2013-01-10 10:27 -0500]:
>
> Yes, I want to prefill the field from a cookie. Thanks for your suggestion,
> I will take a look at it.

Before you pursue the cookie route, I'll just expand on something else
Russ mentioned, which is "browser support for saving [...] form data",
as this was definitely how I interpreted your initial question.

The login form in login.tmpl (the *.tmpl files are the ones that are
designed to be routinely customisable by most sites) has:

    autocomplete="OFF"

Although it's not quite true to say that this doesn't allow the browser
to save the username and password, most browsers will obey this hint and
decline to offer their usual form filling and password remembering
functionality for this form.

Removing the autocomplete="OFF" attribute isn't necessarily a bad idea
in all cases, but should be done with an understanding of how it can
affect relevant risks, which in turn depend on many aspects of client
configuration and user behaviour, and will vary from organisation to
organisation.

-- 
Tom Jones
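Added example, not part of the thread and not WebAuth code: a small audit a site could run over its customised login template to see which credential fields still carry the autocomplete="off" hint discussed above. The two templates, the field names and the /login action are constructed for illustration; the real login.tmpl will differ.

```python
from html.parser import HTMLParser

# Constructed samples, not the real login.tmpl: the hint on the <form>,
# and a site edit that keeps it on the password field only.
SHIPPED = '''<form action="/login" method="post" autocomplete="OFF">
<input type="text" name="username">
<input type="password" name="password">
</form>'''
EDITED = '''<form action="/login" method="post">
<input type="text" name="username">
<input type="password" name="password" autocomplete="off">
</form>'''


class AutocompleteAudit(HTMLParser):
    """Record, for each <form>, whether its text/password inputs carry the hint."""

    def __init__(self):
        super().__init__()
        self.forms = []        # one list of (name, type, hint_off) per form
        self._form_hint = None
        self._fields = None    # None while outside any <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form_hint = a.get("autocomplete")
            self._fields = []
            self.forms.append(self._fields)
        elif tag == "input" and self._fields is not None:
            kind = (a.get("type") or "text").lower()
            if kind in ("text", "password"):
                # A field's own attribute overrides the form-level value.
                hint = a.get("autocomplete", self._form_hint) or ""
                self._fields.append((a.get("name", ""), kind, hint.lower() == "off"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._fields = None


def audit(template_text):
    """Return (name, type, hint_off) for fields of forms that take a password."""
    parser = AutocompleteAudit()
    parser.feed(template_text)
    parser.close()
    return [f for fields in parser.forms
            if any(kind == "password" for _, kind, _ in fields) for f in fields]


if __name__ == "__main__":
    for label, text in (("shipped", SHIPPED), ("edited", EDITED)):
        print(label, audit(text))
```

The result only reports where the hint is set in the markup; whether a given browser honours it still depends on the client, as the message above notes.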
