Hello Tom, thanks a lot, it works !
-- Yang Orange Key: 35745318S1 On Thu, Jan 10, 2013 at 11:51 AM, Tom Jones <[email protected]> wrote: > > > YANG ChengFu <[email protected]> writes: > > > > > > > as I know webauth does not allow web browser to save username and > > > > password in weblogin form, I guess it is for security reason, but > people > > > > in our company complain a lot, so I am wondering if it is possible to > > > > enable it to save username or username/password? > > > On Wed, Jan 9, 2013 at 8:26 PM, Russ Allbery < > [email protected]>wrote: > > > > > I'm not sure what you mean by saving. Do you mean the browser support > for > > > saving frequently-used form data, prefilling the fields from a cookie, > or > > > something else? > [...] > > * YANG ChengFu <[email protected]> [2013-01-10 10:27 -0500]: > > > > yes, I want to prefilling field from cookie, thanks for your suggestion, > I > > will take a look at it 1 > > Before you pursue the cookie route, I'll just expand on something else Russ > mentioned, which is "browser support for saving [...] form data", as this > was definitely how I interpreted your initial question. The login form in > login.tmpl (the *.tmpl files are the ones that are designed to be routinely > customisable by most sites) has: > > autocomplete="OFF" > > Although it's not quite true to say that this doesn't allow the browser to > save the username and password, most browsers will obey this hint and > decline to offer their usual form filling and password remembering > functionality for this form. > > Removing the autocomplete="OFF" attribute isn't necessarily a bad idea in > all cases, but should be done with an understanding of how it can affect > relevant risks, which in turn depend on many aspects of client > configuration > and user behaviour, and will vary from organisation to organisation. > > -- > Tom Jones > >
