How to force browsers not to save form data

Forum Moderators: open

Message Too Old, No Replies

How to force browsers not to save form data

gcan

2:38 pm on Oct 6, 2009 (gmt 0)

I use random field names in login form and I was sure that it will prevent browsers from saving form data:


<input type="text" name="nick-<?=$random_code?>" maxlenght="16" class="nick">

<input type="password" name="password-<?=$random_code?>" size="18" class="password">

Today I received a message from one of my users with a question how to turn off data saving in login form. The user says that her nickname and password appear in login form when she opens my website.

I don't know how is it possible because I did make tests in some browsers and form data was not saved.

Does it mean that random field names can't prevent from data saving in forms?

Thanks.

jdMorgan

5:14 pm on Oct 6, 2009 (gmt 0)

Make the form accessible only using HTTPS, and mark it as completely non-cacheable by using the HTTP Cache-Control headers with no-store and expires attributes.

Jim

londrum

5:36 pm on Oct 6, 2009 (gmt 0)

most forms have got a 'remember me' button. if you've got one of those, and it deposits a cookie on their system, then can't you just check for its existence before writing something to the 'value' attribute?

instead of sticking the normal

isset($_POST['nick'])

kind of thing in the value attribute the first time the form loads, just write a default message instead, or a blank space, unless they've got the cookie.

gcan

7:51 pm on Oct 6, 2009 (gmt 0)

thank you for your replies.

No, there is no "remember me" button. I just did make one more test. I changed the settings in Internet Explorer and Firefox. I checked all options to save user names passwords, forms. Restarted browsers. Logged in/out to my website. Closed both browsers and opened them again. The login form is empty. I can't understand how is possible that for one user browser saves form data.

encyclo

7:55 pm on Oct 6, 2009 (gmt 0)

I think you are looking for:

<form action="" [b]autocomplete="off"[/b]>

gcan

6:34 pm on Oct 7, 2009 (gmt 0)

thank you encyclo. I didn't know about autocomplete="off".