Hint to browser that login was incorrect

Question

With a login form in an SPA, where the login happens async in the background, the browser asks if I would like to save the password regardless of the login being successful.

Is there a way to hint to the browser "hey, this login wasn't correct, so maybe don't ask to save it yet"?

https://stackoverflow.com/questions/32775342/how-to-disable-chromes-saved-password-prompt-setting-through-javascript is this relevant? — weegee, Feb 04 '19 at 12:27

score 1 · Answer 1 · answered Feb 04 '19 at 12:28

1

If you're returning an appropriate HTTP status code, the browser will usually take the hint. I.e. a successful login results in a 200 OK status, whereas an incorrect login should result in a 400 Bad request status code.

answered Feb 04 '19 at 12:28

deceze

510,633
85
743
889

It comes back with status `401` – Svish Feb 04 '19 at 12:32
That's really an inappropriate status code, unless you're using the `Authorization` header and also return a `WWW-Authenticate` header; but that would be rather odd for a REST login endpoint. – deceze Feb 04 '19 at 12:34

Hint to browser that login was incorrect

1 Answers1