[Javascript] automatic filling of login field

Bernu Bernard bernu at lptmc.jussieu.fr
Fri May 4 14:37:57 CDT 2007 

Le 4 mai 07 à 19:36, Mike Dougherty a écrit :

> On 5/4/07, Bernu Bernard <bernu at lptmc.jussieu.fr> wrote:
> The autocomplettion works perfectly with  a standard submit, where a
> new html page is sent.
>
> The question is : how to do that with ajax ?
> In ajax-like method, the problem comes from the onsubmit of the form
> which ends with a return false and thus prevent the browser from
> saving the login/password.
>
> It would be helpful to see an example as Hassan suggested.  I am  
> not sure an AJAX login is an ideal strategy.
>
> To avoid the username+password in something as easily manipulated  
> as a cookie, we use identification numbers which have no obvious  
> meaning (as well as salted hashing to prevent sequential  
> discovery)  That number is a key to retrieve user information from  
> the SQL database upon return to our site.  To be truly secure, even  
> if you think you know who someone is (so you can prefill login  
> info) it is better to ask again for their password (in case someone  
> else is using their computer)  ex:  I think it's disgraceful that  
> my gmail account stays logged in across browser instances unless I  
> specifically log out.  If I don't take an active measure to secure  
> my email, anyone accessing my computer (at work) can get to my  
> email.  I urge you to not follow Google's bad example of logon  
> security.
This is a working solution of what I wanted :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
		<title>login test</title>
	</head>
	<body>
		<form method="post" action="http://localhost/cgi-bin/mycgidecoder"  
enctype="multipart/form-data" accept-charset="utf-8" name="mainform"  
id="mainform" target="jstarget" >
			<input type="text" name="login" />
			<input type="password" name="password" />
			<input type="submit" />
		</form>
		<iframe id="jstarget" name="jstarget" style="background:#f0f ;  
border:solid 1px ; width:300px ; height:300px"  
src="qblank.html">hello</iframe>
	</body>
</html>

where the iframe can be of size 0. I put sizes to verify how it  
works. The qblank.html can be :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
		<title>qblanck</title>
	</head>
	<body>
		hello
	</body>
</html>

"mycgidecoder" just return the following that I can see in the iframe
"Content-type: text/plain ; charset=UTF-8

{ result:\"ok\"} "

I tested it in Safari, Firefox and Opera (need the magic stick), not  
test in IE6-7.
Now, I can change login and password.
Each time I'm asked if I wanted to save the settings. If I respond yes
then, when I ask for the page later, these two field are  
automatically filled by Safari, Firefox.

Bernard
one of the http://www.quomodo.com developer !-)
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolt.org/pipermail/javascript/attachments/20070504/0af4b806/attachment.htm>

More information about the Javascript mailing list