2

When I first created my login view for my app I used the credentials for a user named jgreen. Now whenever I open the login page those credentials are automatically filled in and if I enter jgreen into the username field the password field is automatically filled out. I need this to not happen for obvious security reasons. I tried setting autocomplete on the fields to off, I tried setting autocomplete to off in both the form and fields, this didn't work. I tried deleting my history, this didn't work either. Here's my login code.

username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
    if user.is_active:
        login(request, user)
        return HttpResponseRedirect(...)

I'm out of ideas of what to try to prevent this behavior, can anyone provide any assistance or direction? Thanks in advance for any help.

EDIT: clarified attempts with autocomplete attribute

avorum
  • 2,243
  • 10
  • 39
  • 49

1 Answers1

3

Django has nothing to do with the autocompletion. Either your browser, OS, or a third-party password manager is remembering and filling in the data for you. Try using Firefox and following the remove instructions. You may want to use the sqllite manager to view Firefox's saved password database. You can also write some javascript to try and persuade your password manager to not work.

Community
  • 1
  • 1
foobarbecue
  • 6,780
  • 4
  • 28
  • 54