Pete Freitag Pete Freitag

Watch out for Autocomplete

Published on June 07, 2006
By Pete Freitag
web

I ran into a funny problem today that had to do with the Autocomplete feature in Firefox. If I had autocomplete turned off on my computer it would have been very hard to debug this issue, but I quickly realized that autocomplete was the problem.

Suppose you have a backend app to manage users. You have a login for that looks like this:

<label for="username">Username</label>
<input type="text" name="username" id="username" />

Now if you also have an edit user form with the same code, autocomplete will fill in the username you used to login with into the username field. This is not a problem if your editing your own username, but if you want to edit someone else, then you have a problem.

So at first I thought I could fix this by changing the name attribute on the input tag, but this didn't work. You have to change the id attribute.

Another way to fix this is to set autocomplete="off" in your input tag. But that is a non standard attribute, and breaks HTML validation.



form html autocomplete firefox

Watch out for Autocomplete was first published on June 07, 2006.

If you like reading about form, html, autocomplete, or firefox then you might also like:

Discuss / Follow me on Twitter ↯

Comments

Pete - we had a similar issue related to a browser's (IE, Firefox) ability to store passwords related to a username (not recommended, but so many people use it).

They would sign in with their username and password, get into our system, change their password, then the next time they tried to sign in using the username, the browser would fill the password field with stars, but it was the password stored in the browser, not the new one in our db.

So, of course, the login fails and the user is befuddled. It took us a while to track down the fact that so many users were complaining that they could not sign in after changing their password. They do not connect the browser storing the password versus the db storing it.

We debated to try to implement strategies to disable the autocomplete (using different sign-in text fields), but did not want to break standard functionality.

So if you have users complaining about not being able to sign in after changing their password, inform them to clear the stars at least once!
by Paul Carney on 06/08/2006 at 7:15:42 AM UTC
>not a problem if your editing your own username,

this from the guy whose grammar cheatsheet mentions "you're" v "your" ??
he he.... no problem.

which reminds me: "whose" v "who's" is a common problem...
by lb on 06/28/2006 at 6:25:25 PM UTC
You actually took the time to type that just to correct a grammar mistake? jeeze. :rollseyes:
Anyway, I into the same problem at a former job. Instead of turning off autocomplete, we ran a script that would clear out the password for a certain domain and forced the user to type in the UN and PW once a month. Cut our service calls down a lot because it also forced the user to remember the UN and PW :-)
by rhamej on 07/17/2006 at 10:15:01 AM UTC
I've found that autocomplete="off" doesn't even work with firefox - its only for Mozilla / older gecko based browsers! I've even tried renaming input fields and id, but to no avail. There is only the XUL textbox attribute disableautocomplete="true", which isn't useful as its for the client side!
by Adrian Stannard on 10/24/2006 at 4:46:11 AM UTC