Remove the last username from the session after use #2399
Conversation
|
I think the purpose of the "last username" feature is that when you log out and later go back to the login module, your username is already filled in. IIRC, this no longer works after merging this PR, does it? |
to mitigate that i'd recommend autocomplete attributes on the inputs anyway: <input type="text" name="username" id="username" class="text" value="" required="" autocomplete="username"><input type="password" name="password" id="password" class="text password" value="" required="" autocomplete="current-password">This is something chrome always complains about and i added that to the login template. |
This does not work currently and I don’t think it is expected to work as Symfony removes the “last username” from the session as soon as your login was successful. See #1627 (comment) As far as I understand this feature, the “last username” is stored in the session so that if you mistype your password you don’t have to reenter your username for the second attempt. |
That's what I thought as well 👍 I've never seen the other use-case work, nor would I find it useful. In fact I would consider that a security issue. If I log out of a website on a public machine, I don't want my username to linger around.
Oh yes, and please let's do it for the Install Tool as well. Browsers always confuse the input fields of the create admin user form 🙃 |
|
Thank you @ausi. |
@asaage Will you create a PR for that? |
leofeyer
changed the title
|
Never mind, I did it myself: #2432 |
See #1627 (comment)