This question already has answers here:
Closed 14 years ago.
Duplicate of Disable browser save password functionality
Is there a way to tell the browser not to insert pre-Saved credential data into forms on websites?
For example I might have an application where I have to login first. I saved the credentials for this login.
When I now want to create a new user account in the control panel, the browser automatically fills in the values for the name and password field, although I want to create a new user.
Is there a way to stop this from happening? Thanks for your answers.
Edit: I mean that the browser fills in the saved credentials when opening the site. I do not mean offering pre-filled in values for that form. But when I open the site the whole textfield and passwordfield are filled out with my data. I'm looking for a xhtml way of doing this, so it is programming related.
From this older post the 'autocomplete' attribute may be your friend:
Disable browser 'Save Password' functionality
Related
This question already has answers here:
How does the revalidate process in Incremental Static Regeneration work?
(2 answers)
Closed 7 months ago.
As you know, we can update SSG page via revalidate key in getStaticProps() and user at firstly see latest content and after refresh page twice can see updated content.
But is it proper that user should refresh page twice? In my opinion, user do not know should refresh twice. However, new users can see the new content at first.
I would be appreciate if share your comments about revalidate.
You'll usually have more than 1 user. The Re-generation can be triggered by any of your users so not everyone on the site needs to refresh twice. Only 1 user would do that.
I touched upon this in a question I submitted yesterday. I am not sure I clarified well what my issue is in that post, so, just to make it less confusing I thought I'd just create a new post.
This is what's happening.
If I go into Preview mode and create a new record and then refresh my browser, the record remains (as you can see I now have many records in Preview). But I realize the Preview is unique to my login.
[Inline image 2][1]
But when I do a deployment and go to the deployment url:
[Inline image 3][2]
And then I create and submit a new record, it works correctly and displays in my list view:
[Inline image 4][3]
But then, if I just stay on the same window tab and refresh my browser, my document disappears.
This could be a permissions problem. Are you using the same account when using the deployed version as when you tested with the Preview mode? If not, the account you used for the deployed version may not have permission to view the record you just entered. When you enter the new record it will appear on the form but when you refresh your browser it does not appear.
I am little new to programming (especially to web designing). I have learned that the World Wide Web is based upon a protocol called HTTP. And also each and every item (I mean web pages, images, css & js files etc) are transferred according to the HTTP Requests. So my problem is this.
When we fill a web form (especially a login form like fb) and click ok, login or submit button, What Happens Next? Does it send another http request or does it use some special technique?
Is it safe or does anyone can hack our user names and passwords when that requests are traveling through internet?
It actually depends on the person who made it. They can create an output which would show the values entered or it can be entered to a database for other usage. There's so many things can be done and that would actually depend on the need of the user.
Added for 2nd question:
There are a number of ways to encrypt these data to avoid being hacked. If you use a very basic technique in transferring the values that you submit then there would be a huge possibility that it can be hacked. But, not to worry as there are plenty of ways to be safe.
My website is used to administer customer accounts. If I access CustomerA's account through the website then open a new tab and access CustomerB's account the session holding the customer ID updates to think I'm now working on CustomerB. Then if I click back to CustomerA's tab and start editing that page I am in fact editing the database record for CustomerB. This has happened and caused all sorts of problems so I need to find a fool proof way of stopping it. I don't want to put the customer ID in the URL as this will make it open to abuse.
Session is not a place to hold information like this exactly because of problems you're describing. You need to pass customer ID along with the page itself (either in hidden field or in url), so when you post back the form, it exactly knows what are you trying to do. Session won't protect you nor add any extra security. You need to determine if the user has correct permissions either way, so you should focus on this aspect.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
Our current application is working fine but when you try to misbehave like we found out that When login with same user in multiple tab with different organization(there is a organization dropdown in the master page which sets the cookie whenever it is changed.)
in tab one it is org 1 and tab 2 it is org2 , cookie has the later org 2 in it but when we go back in tab1(which had org1) and save the record org 2 will be saved with the record
So can some one share some sort of a checklist with us which address these types of problem.
Unfortunately there is not much you could do about this. Browsers share cookies between tabs. And forms authentication uses cookies to track users. That's the same behavior you will get with other sites as well such as gmail for example.
you can add hidden field with data for recognize each view.
you store all data in server side such as session,cache,Database and serve "unique" view
I hope you'll find an elegant solution to this problem, but AFAK one instance of browser simply shares one identity.
To deal with this situation we use HIDDEN on master page, that is a part of main form. Its value is randomly generated when first page loads. Later, the value is kept between requests. Session values are stored with HashTable key of hidden value.
2 more hacks needed to get it work.
Response.Redirect is done with simple form that uses POST method to pass HIDDEN value to the new page.
All hrefs clicked with left button also posting HIDDEN value (if user uses 'Open in new TAB/Window' direct redirect without post simply creates new HIDDEN value - new subsession.)