Will Firefox remember userid values in login prompts even if the "save passwords" checkbox is off?
For background, I work on a very large ecommerce web site that is considering some implementation details of our application-specific "Remember Me" functionality. This is designed to fill in (only) the userid field if the user comes to the login page when they aren't logged in.
What I'm starting to wonder is, is it worth implementing this application-specific feature when most of the browsers, like Firefox, already do something like this?
The password save feature in Firefox attempts to save both a userid and a password. I can see the possibility that some users would prefer that it save and restore the userid, but not the password. In my browser, I have it turned on, so it saves both userids and passwords, but is there a way to configure Firefox so that it only saves the userid? I don't know whether IE or Chrome have similar choices.
Toate răspunsurile (9)
Saving form autocomplete information and saving passwords work in a related manner but they are separate options (Options > Privacy and Options > Security). I don't know whether the standard form autocomplete feature remembers usernames (because I don't use it).
From the site site, you could do what Microsoft does with Windows Live and insert the password field using a script. This apparently bypasses Firefox's detection of the field as fillable. I can't recall whether it also bypasses the "save password" prompt. Perhaps the same script can add autocomplete="off" to the form to block that.
If the password manager is disabled then Firefox doesn't offer to store names and passwords, but if saving form data is enabled then Firefox will still store the user name as form data unless the form field uses autocomplete=off to prevent this.
Note that form data is global, so you can get entries from other web pages if the same id/name is used.
- Tools > Options > Privacy > History: "Remember search and form history"
- https://support.mozilla.org/kb/Form+autocomplete
You can consider a form-fill extension that is site specific to get better security.
I don't see any options in "Privacy" for saving form autocomplete information. That tab only has two settings: "Tracking" and "Location Bar".
You don't have a "History" section in the middle? If you choose "custom settings" for History you get lots of additional options.
Can you attach a screenshot of that window?
- http://en.wikipedia.org/wiki/Screenshot
- https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
Use a compressed image type like PNG or JPG to save the screenshot.
Here 'tis.
Looks that you have some extension installed that hides the History section.
Start Firefox in Safe Mode to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
- Do not click the Reset button on the Safe mode start window or otherwise make changes.
Ok, I've verified that when I restart with no add-ons, I get the "History" dropdown, which is defaulted to "Remember History". I don't know what add-on is doing this, but I've concluded that I don't care that much. When I saw the statement that indicated that saved form data is not site-specific, I realized this wouldn't be a useful feature, so I'm not going to pursue a feature that only saves the userid, but I see that we could make that happen by rendering the password field dynamically.
What I'd now like to try to understand is under what conditions will Firefox not fill in a userid and associated password. I've seen several different scenarios, sometimes varying on a single web page:
1. Firefox immediately fills in the userid and password 2. When the page displays, Firefox doesn't fill in anything, but when I click in the userid field and press the down arrow, it gives me the single choice of the correct userid, and when I select that, it fills in the password 3. Firefox doesn't fill in anything, and nothing happens when I press down arrow in the userid field
I'm mostly concerned with scenario 2, as the enterprise application I work on has one login page that performs like "1", and a related login page in a slightly different domain that behaves like "2". I wanted to understand why I'm getting behavior "2".
I'm actually aware of another login page unrelated to my application that does either "1" or "3" when I come to it, seemingly randomly. I'm curious about this, but it's not critical.
I think I figured out why the related page is doing behavior "2". The page deliberately sets "autocomplete" to false (which I'm pointing out is not useful), so it doesn't fill in the field, but pressing down arrow presents the single-item dropdown.