如何“记住我的密码"?复选框工作? [英] How does the "Remember my password" checkbox work?
问题描述
有许多带有记住我的密码"小复选框的登录表单,以便您下次访问该网站时,浏览器会自动为您填写密码字段.
There are numerous login forms with the little check box "Remember my password" so that the next time you visit the website, the browser automatically fills up the password field for you.
但我注意到现代浏览器(例如 Chrome/Firefox)中的一种行为,即使该特定网页没有任何记住密码"复选框,它也会显示一个通知栏以保存用户名/密码.
But I have noticed a behavior in modern browsers, such as Chrome/Firefox, which shows up a notification bar to save the user name/passoword even though that particular web page does not have any "remember password" check box.
所以我的问题是:
- 如果我必须将记住密码"复选框放在登录表单中,当用户检查它时我需要做什么?我的意思是,我是否必须将密码存储在浏览器 cookie(或本地存储)中?如果是这样,密码应该加密还是纯文本?
- 保存密码"通知栏是浏览器的功能还是有什么方法可以从网页调用它?
推荐答案
每当浏览器看到 <input type="password"> 时,保存密码"部分来自浏览器的密码管理器看起来它确实在要求输入密码.在大多数浏览器中,您可以使用 autocomplete 属性来抑制这种情况:
The "save password" part comes from the browser's password manager whenever it sees an <input type="password"> that looks like it really is asking for a password. You can use the autocomplete attribute to suppress this in most browsers:
<input type="password" name="password" autocomplete="off">
这不会验证,但通常没关系.
This won't validate but that usually doesn't matter.
记住我"部分与浏览器的密码管理器完全分开.记住我"标志是服务器的业务,它所做的只是摆弄它发回的 cookie 上的到期日期.服务器总是会发回一个 cookie(除非他们没有使用 cookie 来跟踪会话,但这种情况很少见,也不需要记住我"),其中包含一些东西来识别客户端用户.
The "remember me" part is completely separate from the browser's password manager. The "remember me" flag is the server's business and all it does is fiddle with the expiry date on the cookie that it sends back. The server will always send a cookie back (unless they're not using cookies for tracking sessions but that's rare and wouldn't need a "remember me" anyway) with something inside it to identify the client user.
如果您选中记住我",那么您就是在告诉服务器您想要一个持久会话.为了实现这一点,服务器将在 cookie 中包含一个到期日期,该到期日期将在未来的某个时间.当日期到来时,浏览器会过期并删除cookie;如果没有 cookie,服务器将不再知道您是谁,您将不得不重新登录.
If you check "remember me" then you're telling the server that you want a persistent session. To achieve this, the server will include an expiry date with the cookie and that expiry date will be some time in the future. When the date arrives, the browser will expire and delete the cookie; without the cookie, the server won't know who you are anymore and you'll have to login again.
如果您不选中记住我",那么您将获得一个会话 cookie.会话 cookie 没有过期日期,因此在浏览器退出时会自动过期.会话 cookie 对于共享机器很有用.
If you don't check "remember me" then you'll get a session cookie. Session cookies don't have expiry dates on them so automatically expire when the browser exits. Session cookies are useful for shared machines.
执行摘要:
- 保存密码"来自浏览器的密码管理器.
- 记住我"是关于登录 cookie 的到期时间.
很抱歉,啰嗦了这么多,但其他答案似乎有些混乱和不清楚.
Sorry to be so long winded but there seems to be some confusion and a lack of clarity in the other answers.
这篇关于如何“记住我的密码"?复选框工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
