[Javascript] automatic filling of login field
Bernu Bernard
bernu at lptmc.jussieu.fr
Fri May 4 14:37:57 CDT 2007
Le 4 mai 07 à 19:36, Mike Dougherty a écrit :
> On 5/4/07, Bernu Bernard <bernu at lptmc.jussieu.fr> wrote:
> The autocomplettion works perfectly with a standard submit, where a
> new html page is sent.
>
> The question is : how to do that with ajax ?
> In ajax-like method, the problem comes from the onsubmit of the form
> which ends with a return false and thus prevent the browser from
> saving the login/password.
>
> It would be helpful to see an example as Hassan suggested. I am
> not sure an AJAX login is an ideal strategy.
>
> To avoid the username+password in something as easily manipulated
> as a cookie, we use identification numbers which have no obvious
> meaning (as well as salted hashing to prevent sequential
> discovery) That number is a key to retrieve user information from
> the SQL database upon return to our site. To be truly secure, even
> if you think you know who someone is (so you can prefill login
> info) it is better to ask again for their password (in case someone
> else is using their computer) ex: I think it's disgraceful that
> my gmail account stays logged in across browser instances unless I
> specifically log out. If I don't take an active measure to secure
> my email, anyone accessing my computer (at work) can get to my
> email. I urge you to not follow Google's bad example of logon
> security.
This is a working solution of what I wanted :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
<title>login test</title>
</head>
<body>
<form method="post" action="http://localhost/cgi-bin/mycgidecoder"
enctype="multipart/form-data" accept-charset="utf-8" name="mainform"
id="mainform" target="jstarget" >
<input type="text" name="login" />
<input type="password" name="password" />
<input type="submit" />
</form>
<iframe id="jstarget" name="jstarget" style="background:#f0f ;
border:solid 1px ; width:300px ; height:300px"
src="qblank.html">hello</iframe>
</body>
</html>
where the iframe can be of size 0. I put sizes to verify how it
works. The qblank.html can be :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>qblanck</title>
</head>
<body>
hello
</body>
</html>
"mycgidecoder" just return the following that I can see in the iframe
"Content-type: text/plain ; charset=UTF-8
{ result:\"ok\"} "
I tested it in Safari, Firefox and Opera (need the magic stick), not
test in IE6-7.
Now, I can change login and password.
Each time I'm asked if I wanted to save the settings. If I respond yes
then, when I ask for the page later, these two field are
automatically filled by Safari, Firefox.
Bernard
one of the http://www.quomodo.com developer !-)
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolt.org/pipermail/javascript/attachments/20070504/0af4b806/attachment.htm>
More information about the Javascript
mailing list