2

When I use a old fashion form to login the browser it will ask me if I want to save my username and password. However I do not use form submits to login any more.

I use ajax to login and when the user logs in with the correct username and password combination the javascript will reload the page.

Is there a javascript method to tell the browsers that it has to save the login information?

How to fix this?

botenvouwer
  • 4,334
  • 9
  • 46
  • 75
  • check this [http://stackoverflow.com/questions/2382329/how-can-i-get-browser-to-prompt-to-save-password][1] [1]: http://stackoverflow.com/questions/2382329/how-can-i-get-browser-to-prompt-to-save-password – akbar ali Dec 06 '13 at 13:10
  • 1
    its security nightmare to make user login in by ajax.. – skos Dec 06 '13 at 13:10
  • Related: http://stackoverflow.com/questions/2382329/how-can-i-get-browser-to-prompt-to-save-password – Joseph N. Dec 06 '13 at 13:13
  • @SachynKosare : I would be interrested in any resource explaining this. I actually can't think of any good reason it would be a problem... – Laurent S. Dec 06 '13 at 13:14
  • @Bartdude wont the passwords get exposed if we look at the post data using any web development tool like firebug ? – skos Dec 06 '13 at 13:16
  • 3
    @SachynKosare - The same applies even if its not AJAX. Its not about AJAX, its about securing the request with SSL. AJAX as such does not cause any security risks. – techfoobar Dec 06 '13 at 13:20
  • I need some time to read in on all the references to other questions and their solutions I will come back on this! btw @SachynKosare There is no actual difference between ajax and a form post submit. Its both a http request. If I can store password with post submit it should also be possible with a ajax submit. – botenvouwer Dec 06 '13 at 13:47
  • @SachynKosare > My answer would be the same as techfoobar... technically, everything you send (and receive) without SSL can be intercepted. And firebug is not the biggest issue there, network sniffing on wi-fi hotspots is. From where I see it, at some point all sites will be running SSL. Google for example enforces SSL even for a simple search... – Laurent S. Dec 06 '13 at 14:49

4 Answers4

1

Put the login fields back into the form and use

  $('#FormId').submit(funciton(){

     //Ajax here

  });

This will submit the form and perform the ajax login. The browser will still detect it.

heymega
  • 9,215
  • 8
  • 42
  • 61
0

Browsers auto detect password fields and prompt user to save it [If you are not using Ajax]. I don't think there is specify way to tell browser to save password

sravis
  • 3,562
  • 6
  • 36
  • 73
0

you could use a normal form and then:

$( "your_form" ).submit(function( event ) {
  event.preventDefault();

  $.ajax ...
});
Jacob A.
  • 270
  • 3
  • 10
0

You can reload a page only after receiving the login confirmation(Either success or fail). I guess you need to reload a page for success case only.

For that you can show the prompt window to remember username and password before reloading a page.

In a asynchronous call, there is possiblities to return before receiving response from server script,for that you have to use event.preventDefault();.

KumarA
  • 1,368
  • 3
  • 18
  • 41