trojan81
asked on
web server and security - cookies
Web experts,
This is a 2 part question
Question 1a): When I go to my stock broker site, I see that I am never allowed to save the password on my browser. It only saves my account ID and I have to enter my password. Is it the broker's website that doenst allow my browser to save the password or is it just a setting on my browser.
Question 2a): I visit a particular Https site and see that my session is always logged in as long as I don't close my browser or explicitly log off. I could pull the network cable out of my computer for an hour and then plug it back in and pick up on the site exactly where i left off. am i correct to assume that the site sent me a session cookie that was stored in my browser which had the setting to never expire?
This is a 2 part question
Question 1a): When I go to my stock broker site, I see that I am never allowed to save the password on my browser. It only saves my account ID and I have to enter my password. Is it the broker's website that doenst allow my browser to save the password or is it just a setting on my browser.
Question 2a): I visit a particular Https site and see that my session is always logged in as long as I don't close my browser or explicitly log off. I could pull the network cable out of my computer for an hour and then plug it back in and pick up on the site exactly where i left off. am i correct to assume that the site sent me a session cookie that was stored in my browser which had the setting to never expire?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Disable autocomplete
http://www.w3schools.com/tags/att_input_autocomplete.asp
http://www.w3schools.com/tags/att_input_autocomplete.asp
ASKER
for #1, i understand they don't want the password stored, but how can they enforce it so that your browser never stores it prefilled in the password box?