HTML Single Page Application, fill username and passwords with browser

Question

Is there a way to tell the browser that a login form has been displayed and that it should fill in the field with the saved credentials?

I have this SPA that loads the login view with ajax after the document has been loaded. I have managed to get Firefox to save the credentials after a successful login but when I try to login again the fields are not filled.

Also, I can't seem to get Chrome to prompt to save password since I cannot redirect the browser and Chrome seems to bind to that event.

I have the same issue -- a javascript SPA and Chrome isn't saving the user's passwords. I have checked that the form has "name" attributes on the username (name="username") and password (name="password") fields. It seems intermittent. How can I help Chrome to recognise this as a login form and offer to save passwords? — Rich, May 27 '16 at 08:32
@Rich Have you enabled [`Autofill`](https://support.google.com/chrome/answer/142893?p=settings_autofill&rd=1) at chrome, chromium settings? — guest271314, May 27 '16 at 10:43
@guest271314 Yes, autofill is enabled in Chrome and password saving works on most websites. I am asking about a SPA website I have written where Chrome doesn't seem to recognise or like my login form. — Rich, May 27 '16 at 11:14
Dup of http://stackoverflow.com/questions/5430129/how-to-make-chrome-remember-password-for-an-ajax-form ? — Rich, May 27 '16 at 14:00

score 4 · Answer 1 · edited Sep 20 '17 at 11:52

Browser have their special default behaviors when it comes to recognizing forms and saving login data. What you are asking for is easily achievable when building out a form correctly.

Example 1:

Wrap your input elements in a form tag:

<form method="post" action="/form">
 <input type="password" id="name"></input>
  ect...
</form>

This is so the browser can recognize your form and associate default behaviors.

Example 2:

Make labels for your input elements and associate them with name/ids:

<form method="post" action="/form">
<label for="pssw-1" >Name : </label> 

 <input name="password" type="password" id="pssw-1" ></input>

  ect...
</form>

Example 3:

Apply autocomplete attribute if desired, on form and input elements:

<form method="post" action="/form" autocomplete="on">
<label for="pssw-1" >Name : </label> 

 <input name="password" type="password" id="pssw-1" autocomplete="password"></input>

  ect...
</form>

With autocomplete enabled the browser stores encrypted password/login data in session browser history often located in %APPDATA%\..\Local\Google\Chrome\User Data\Default\Login Data (for Chrome at least).

This native function is often called once user hits the submit button or once credentials are validated.

FYI: I have two spa desktop apps using this syntax and no trouble with autofill / autocomplete.

How browsers store login data:

http://raidersec.blogspot.com/2013/06/how-browsers-store-your-passwords-and.html

Best practices:

https://developers.google.com/web/updates/2015/06/checkout-faster-with-autofill?hl=en

Thanks. I'm fairly sure that my app follows all these guidelines, but I'm still seeing inconsistent password saving behaviour. Strangely, it seems to differ between different instances of the app on different hostnames. I wonder if I have some local state (previously saved passwords or conflicting passwords or something) which is causing issues. — Rich, Jun 07 '16 at 09:22

score 0 · Answer 2 · answered Jun 02 '16 at 03:47

There are 2 parts to the question, namely populate fields with saved credential and prompt user to save credential. If there are saved login/password pair, it will automatically populate to the type=password id='whatever' input with the password and the previous input field with the login. Note that this two fields must if a name or id attribute or it won't work. Here is a simple example:

<body>
  <input id="a"></input>
  <input type="password" id="b"></input>
  <input type="button" onclick=redirect()>GO</input>
</body>

To prompt user to save credential, this 2 fields must be pass to another URL and get a successful reply. The easiest way is to use a form with action to some php. Here is a simple ajax callback redirect:

redirect = () => $.ajax({
    url: './someValidationURL',
    data: {username: a.value,password: b.value},
    success: () => window.location.href = './someProtectedURL'
});

score -4 · Answer 3 · answered Oct 24 '13 at 15:28

-4

Generally speaking this is a really bad practice for the username and password to be stored however you can store it in localStorage if you want it there long term, or sessionStorage if you want there while the browser is open only, (Note it works in IE8 and up) but IE7 is no longer supported so it should not be an issue. this is how you would do it. I would not suggest storing the password in the session storage I would store it as a cookie because cookies or if you have access to the server use a Session Variable to store the password, but either way I will post the code even though storing the that info in session and local storage is bad practice.

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Document</title>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
</head>
<body>
    <form action="">
        <input type="text" name="username" id="username" value="username@login">
        <input type="password" name="password" id="password" value="password">
    </form>
</body>
</html>
<script>

    window.onload = function(){

        if(window.sessionStorage){
            //depending on which one you would want to use 
            var form = document.getElementsByTagName('form')[0];
            //optionally you can use querySelector instead
            var user = document.getElementById('username');
            var password = document.getElementById('password'); 

            console.log(user);
            console.log(password);

            if(!sessionStorage.getItem("username")){

                sessionStorage.setItem("username", user.value);


            } else {

                user.value = sessionStorage.getItem("username");


            }

            if(!sessionStorage.getItem("password")){

                sessionStorage.setItem("password", password.value);

            } else {

                password.value = sessionStorage.getItem("password");

            }
        }

        console.log(sessionStorage);

    }

</script>

answered Oct 24 '13 at 15:28

Jesse

785
2
9
29

Thanks, but I was looking more of the browser functionality of saving passwords that you usually see on most websites that use a normal form to login. I will probably end up saving it in the localStorage even though it's not the best way. Thanks again – Frank Oct 24 '13 at 15:33
1

Do not save passwords in local storage, cookies or anything else that is not encrypted: I don't think this answers the question, as the question was how to get the browser to fill in the information. When browsers are storing passwords they at least encrypt these, which is why it is actually ok. However this approach will leave your password hanging unencrypted in the local storage.. – user2849406 Oct 24 '13 at 15:34
the browser itself won't do it, again its really bad practice to do it with localStorage because once the browser is closed you still have the data stored and unencrypted in the localStorage, My strong suggestion is if you have access to the Server to use Server side programming to store the variables as Session Variables and load them via ajax. – Jesse Oct 24 '13 at 15:43
Why won't the browser do it? Isn't there a way to trigger and event to tell the browser that the login form is now visible? And the inputs IDs are the same as when the credential was saved – Frank Oct 24 '13 at 16:00
You have to use javascript to do it, its for security reasons, the browser won't store passwords unless the user allows it. The person has to click OK when the browser asks them if they want to store the password and login like you see on email logins like outlook.com(live) whatever you want to call it, when you check keep me signed in, it stores a cookie on the system that is encrypted with the log in info and recalls it. All the browsers give the users options to store form data and passwords via the browser options but that is not accessable via client-side javascript – Jesse Oct 24 '13 at 16:06
I understand the browser does not really allow you to access the credentials it has saved by itself (The prompt it shows to save passwords). But since my login form is loaded by AJAX, I was asking if there was an event I could trigger to make the browser redo it's logic to find any login form to fill like it does on the initial onload event – Frank Oct 24 '13 at 16:13
Even if you don't care about security and want to save it no matter what it would be extremely bad UX to save it in localStorage due to fact that localStorage isn't asynchronous so you would have to reload entire SPA on login submit. However you could use localForage plus emit event after submit. – BT101 Sep 20 '17 at 12:02

HTML Single Page Application, fill username and passwords with browser

3 Answers3