[Javascript] automatic filling of login field
Mike Dougherty
mdougherty at pbp.com
Fri May 4 12:36:37 CDT 2007
On 5/4/07, Bernu Bernard <bernu at lptmc.jussieu.fr> wrote:
>
> The autocomplettion works perfectly with a standard submit, where a
> new html page is sent.
>
> The question is : how to do that with ajax ?
> In ajax-like method, the problem comes from the onsubmit of the form
> which ends with a return false and thus prevent the browser from
> saving the login/password.
>
It would be helpful to see an example as Hassan suggested. I am not sure an
AJAX login is an ideal strategy.
To avoid the username+password in something as easily manipulated as a
cookie, we use identification numbers which have no obvious meaning (as well
as salted hashing to prevent sequential discovery) That number is a key to
retrieve user information from the SQL database upon return to our site. To
be truly secure, even if you think you know who someone is (so you can
prefill login info) it is better to ask again for their password (in case
someone else is using their computer) ex: I think it's disgraceful that my
gmail account stays logged in across browser instances unless I specifically
log out. If I don't take an active measure to secure my email, anyone
accessing my computer (at work) can get to my email. I urge you to not
follow Google's bad example of logon security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolt.org/pipermail/javascript/attachments/20070504/6e2503ed/attachment.htm>
More information about the Javascript
mailing list