Hi,

This question refers

Where does setting the CACHE-CONTROL HTML meta tag come into the autocomplete argument? Is it necessary to explicitly set autocomplete=off for sensitive inputs if you have told the browser not to cache anything by setting CACHE-CONTROL=NO-CACHE? I assume that if the browser has been told not to cache anything, it can't cache my sensitive fields, but then belt and braces when it comes to security, right? Am I overdoing it by having both?

Thanks,

Fintan

+1  A: 

The browser autocomplete is unrelated to the browser cache. The cache saves the actual data sent to the browser by web sites - i.e. the HTML code, CSS, JavaScript and images. The autocomplete is a browser feature that saves what the user types into forms.

Setting "no-cache" will not stop autocomplete, it will just stop the browser saving the page to the user's computer. If the page itself contains possibly sensitive information (outside of the form), then use it, otherwise the user must download the page every time they visit it, using more bandwidth for them and the server.

DisgruntledGoat
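
Added example (not part of the original answer): a small Python audit that reports cache policy and autocomplete exposure as two independent findings, matching the distinction drawn above. The `SENSITIVE_NAMES` list, the `audit` helper and the sample page are constructed for illustration; either `no-cache` or `no-store` is counted as a cache restriction here.

```python
from html.parser import HTMLParser

# Assumption: which field names count as sensitive is site-specific; these are illustrative.
SENSITIVE_NAMES = {"password", "card_number", "cvv", "ssn"}


class FormAudit(HTMLParser):
    """Collects the meta Cache-Control value and sensitive inputs lacking autocomplete=off."""
    def __init__(self):
        super().__init__()
        self.meta_cache_control = None
        self.autocomplete_exposed = []  # names of sensitive inputs the browser may remember

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "cache-control":
            self.meta_cache_control = a.get("content", "")
        elif tag == "input":
            name = a.get("name", "")
            sensitive = a.get("type", "text").lower() == "password" or name.lower() in SENSITIVE_NAMES
            if sensitive and a.get("autocomplete", "").lower() != "off":
                self.autocomplete_exposed.append(name)


def audit(headers, html):
    """Return the two independent findings: cache policy and autocomplete exposure."""
    parser = FormAudit()
    parser.feed(html)
    header_value = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    policy = (header_value + "," + (parser.meta_cache_control or "")).lower()
    directives = {d.strip() for d in policy.split(",") if d.strip()}
    return {
        "cache_restricted": bool(directives & {"no-cache", "no-store"}),
        "autocomplete_exposed": parser.autocomplete_exposed,
    }


# Constructed sample page: the meta tag restricts caching, but only one field opts out of autocomplete.
SAMPLE_HTML = """
<html><head><meta http-equiv="Cache-Control" content="no-cache"></head>
<body><form method="post">
  <input type="text" name="username">
  <input type="text" name="card_number">
  <input type="password" name="password" autocomplete="off">
</form></body></html>
"""

if __name__ == "__main__":
    print(audit({}, SAMPLE_HTML))
```

On the sample page the cache finding is satisfied while `card_number` is still reported, since the cache setting does nothing for form fields.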