How can I get browser to prompt to save password?

views:

588

answers:

+4 Q:

How can I get browser to prompt to save password?

Hey, I'm working on a web app that has a login dialog that works like this:

User clicks "login"
Login form HTML is loaded with AJAX and displayed in DIV on page
User enters user/pass in fields and clicks submit. It's NOT a <form> -- user/pass are submitted via AJAX
If user/pass are okay, page reloads with user logged in.
If user/pass are bad, page does NOT reload but error message appears in DIV and user gets to try again.

Here's the problem: the browser never offers the usual "Save this password? Yes / Never / Not Now" prompt that it does for other sites.

I tried wrapping the <div> in <form> tags with "autocomplete='on'" but that made no difference.

Is it possible to get the browser to offer to store the password without a major rework of my login flow?

thanks Eric

p.s. to add to my question, I'm definitely working with browers that store passwords, and I've never clicked "never for this site" ...this is a technical issue with the browser not detecting that it's a login form, not operator error :-)

Your site is probably already in the list where the browser is told not to prompt for saving a password. In firefox, Options -> Security -> Remember password for sites[check box] - exceptions[button]

Dave.Sol 2010-03-04 20:06:31

+1 A:

The browser might not be able to detect that your form is a login form. According to some of the discussion in this previous question, a browser looks for form fields that look like <input type="password">. Is your password form field implemented similar to that?

Edit: To answer your questions below, I think Firefox detects passwords by form.elements[n].type == "password" (iterating through all form elements) and then detects the username field by searching backwards through form elements for the text field immediately before the password field (more info here). From what I can tell, your login form needs to be part of a <form> or Firefox won't detect it.

bta 2010-03-04 20:07:59

It's similar, yes, thanks I'll accept this as the official answer since this is about as close as we're getting.Here's something frustrating: I can't seem to find (anywhere on the web) a simple blog post that says "Here are the rules that browsers use to detect if the form you're filling out is a login form, so they can offer to save the user's password." Considering this is a bit of black magic (and considering Mozilla, at least, is open source), you'd think someone would just publish the heuristics.

Eric 2010-03-06 21:51:58

(And similarly, there doesn't seem to be a way for me to "hint" my login form so the browser knows it's a login form. Again, surprised this isn't better documented out there on the web. I think my changes will be to the form field names and the overall HTML structure, and then I hope [!] that fixes the problem.)

Eric 2010-03-06 21:53:02

Okay, no luck. I've asked a new question, approaching this from a slightly different angle: http://stackoverflow.com/questions/2398763/how-does-browser-know-when-to-prompt-user-to-save-password

Eric 2010-03-08 01:16:29

You could check the source code.

George Edison 2010-04-02 21:17:06

Not every browser (e.g. IE 6) has options to remember credentials.

One thing you can do is to (once the user successfully logs in) store the user information via cookie and have a "Remember Me on this machine" option. That way, when the user comes again (even if he's logged off), your web application can retrieve the cookie and get the user information (user ID + Session ID) and allow him/her to carry on working.

Hope this can be suggestive. :-)

The Elite Gentleman 2010-03-04 20:10:29

I wouldn't store user information in a cookie, at least anything sensitive.

Jack Marchetti 2010-03-04 20:33:23

I didn't mean store the user password. Obviously you would have to be very creative in how you will have to create `useful garbage` to identify user info. Even SO stores info in cookie in order to recognise you.

The Elite Gentleman 2010-03-04 20:44:41

fair enough, but i'd still encrypt as much as you could.

Jack Marchetti 2010-03-04 20:54:17

Using a cookie would probably be the best way to do this.

You could have a checkbox for 'Remember me?' and have the form create a cookie to store the //user's login// info. EDIT: User Session Information

To create a cookie, you'll need to process the login form with PHP.

Mandrig 2010-03-04 20:26:15

The truth is, you can't force the browser to ask. I'm sure the browser has it's own algorithm for guessing if you've entered a username/password, such as looking for an input of type="password" but you cannot set anything to force the browser.

You could, as others suggest, add user information in a cookie. If you do this, you better encrypt it at the least and do not store their password. Perhaps store their username at most.

Jack Marchetti 2010-03-04 20:35:42

And you suggest cookies?

The Elite Gentleman 2010-03-04 20:45:25

i say to encrypt whatever you store in them though.

Jack Marchetti 2010-03-04 20:48:08

ansaurus

tags:

views:

answers:

How can I get browser to prompt to save password?

related questions