View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0026360||mantisbt||security||public||2019-11-15 03:25||2019-12-02 17:15|
|Summary||0026360: Avoid storing credentials in login page|
Our security department suggests avoid store credential in [login_password_page.php] in order to increase security level.
Despite of this, some clients could prefer store their credentials into browser so the possibility of storing credentials may be parametrized.
|Tags||No tags attached.|
Do you mean the Keep me logged in option ?
If so, that can be disabled by setting
Note that this does not actually store the user's credentials, it just saves a cookie with the user's session id.
Is related with these option too, but more precise with browser behavoir.
May be forced with:
<INPUT TYPE="password" AUTOCOMPLETE="off">