Ticket #2018 (closed Feature Requests: fixed)

Opened 6 years ago

Last modified 6 years ago

Allow password save in web browser admin login

Reported by: dswartz Assigned to:
Priority: minor Milestone: 2.3
Component: Web interface Version: 2.3-branch
Keywords: Cc:
Confirmation: Unreviewed Distro:
Backend Engine: All Distro Ver:
Backend Ver: SVN Revision (if applicable):

Description

Apparently, something in the form that freepbx uses to validate a user who wants to login is generating a random (unique?) ID each time, so you are unable to tell IE or firefox (or any other browser) "remember this login info"...

Change History

(follow-up: ↓ 2 ) 06/25/07 13:57:57 changed by WAudette

What form is it that users are logging into. Can you post the url? This might help the developers get to it faster. Of course, they may already know what you are speaking of too...

I am simply looking for clarification.

Thanks,

WAudette...

(in reply to: ↑ 1 ) 06/26/07 05:15:40 changed by dswartz

The basic login form. e.g. you click on setup or tools, and you get prompted for a username and password.

06/26/07 05:33:43 changed by p_lindheimer

what is AUTHTYPE set to on the specific install, 'none' or 'database' ?

07/13/07 07:48:50 changed by p_lindheimer

  • owner changed.
  • component changed from Web interface to Core.

07/24/07 11:05:17 changed by dirk

Happens when it's set to database auth types. I've two very similar installs and only one with database auth. The database one always prompts for password and refuses to remember it, the other one never prompts for a password. Odd.

08/01/07 17:05:33 changed by gregmac

  • type changed from Bugs to Feature Requests.
  • summary changed from Login screen defeats password save in web browser to Allow password save in web browser admin login.
  • component changed from Core to Web interface.
  • milestone changed from 2.3 to 3.0.

This behaviour is by design so this is not a bug.

I'm not really sure why it works this way, so changing to a feature request to remove this behaviour, and allow saving credentials. We need to have some discussion on the implications of this change:

  • Should we change this behaviour?
  • Should we add a config setting to enable/disable this behaviour? (And if so, what is the default for the setting?)

Personally, I don't see any reason not to change this, and a config setting is overkill for it in my mind. The only downfall I can think of is if someone uses your desktop/web browser, and navigates to the site, it will pre-populate the user/password fields for them. In my mind, this is minor, since really they can probably find the credentials anyways (eg, if you've "saved" them at some point in the browser, they're still saved, even though it will never use them), and chances are you have a bunch of other interesting admin sites with saved passwords.

08/01/07 19:48:33 changed by p_lindheimer

  • milestone changed from 3.0 to 2.3.

my vote is to let the browser remember the password.

08/04/07 17:33:59 changed by gregmac

  • status changed from new to closed.
  • confirmation set to Unreviewed.
  • resolution set to fixed.

implemented in [4690]