There are situations where I want autocomplete to work for a user's name and password, and situations where I don't. In Firefox, even with autocomplete off, once the user fills in his name, the browser supplies the password field filled out.
I would like to be able to simulate the just-print-asterisks behavior of the input-password form element in an input-text box so as not to trigger the browser's 'helpful' behavior. Does anyone have a little JS snippet that will do this?
Let me state the problem more completely: In my application I want people to be able to use autocomplete once, when they first attempt to log in. But on subsequent attempts, or when they have timed out through inactivity and are re-logging on a different screen, I don't want autocompletion to work (Think multi-user public computers). Since the browser has already stored a password, even though I have turned off autocompletion on this second screen, if the (perhaps next and unauthorized) user guesses the name of the previous log-in, the browser still provides the stored password. I suspect this mechanism is built around the password-type input element, and so I want to eliminate that on my secondary login screen.
Tried that of course. Firefox seems not to care about the name of the element, only that it is of type password. So, for example, I logged in and asked Firfox to remember the password I had types. Then wen to the app and changed the name of the password element. After relaoding the app I tried logging in again - and Firefox was obsessive enough to provide the password anew to the newly-named box.
Wow. I thought you were really on to something there. After reading the info I tried renaming the form, the input box, and the password box. But no luck: as soon as I typed the first couple of characters in the randomly-named name field, Firefox gave me a drop-down with the field completed; and as soon as I choose that dropdown, it inserted my password in the randomly-named password field below.
It looks like they're storing data elated to the content of a box - regardless of name - and associating that with a password. Argh!
Why don't we try this ... give us the URL, and we'll see if we see the same behavior on our browsers. We can also see the source then and verify that there's nothing atypical about the way you're defining your username/password fields.
Good idea. So I wrote a very simple test case to prove how right I was. And it does not fail in the manner I described. I need to do some more research!
I'll get back to the thread when I have a simple example or a complicated explanation. Thanks for your interest.