Request browser to autofill differently on a subpath

Question

Just a quick question about browser's autofill functions. I'm often bothered by the websites I build , that the browsers are trying to autofill the same credentials on the front-end as the back-end (/admin/).

I'm curious if someone has experience with this and if it can be done plainly with HTML (5/Meta?).

I wonder if I can tell the browser to register a subpath (http://www.domain.com/admin) separately in their local autofill list.

Answer 1

There is no standardized way to tell the browser "consider this being is a different site", apart from actually making it a different site (e.g. placing admin UI under subdomain - admin.domain.com).

The only way for you is to disable the default browser autocompletion by using autocomplete="off" HTML attribute for <input> markup (you can disable it only in the admin subdirectory):

<input type="text" name="field" autocomplete="off" />

Acceptable solution is to use some type of javascript autocompleter. You can then store the history locally in the client using cookies. Using e.g. jquery autocompleter with local storage is very simple - look here:

Autocomplete (jQuery UI) and localstorage

Then you of course have full control on how the storage is done.

Note on security

If you really don't want users to autofill forms, you should know that while mostly the browser will respect autocomplete=off, users fight against it for several reasons; they use plugins that will still autocomplete in this situation (e.g. autocomplete on for FF or Chrome). User always wins in this case, the client may modify the HTML as he want. There are security risks involved in reckless autocompletion, so you can try to persuade users that it's not good for them.

You can also find some useful comments here: How do you disable browser Autocomplete on web form field / input tag?