Preventing browsers from saving input box data

[drewbee]

Since we all know browsers now a days have a nifty little feature to save the information put into textboxses for later use, I am curious if there is a way to prevent this from happening?

 

I have the need to obtain sensitive data from a user, lets say a credit card.

 

So we have the input box requesting credit card information. The user puts it in and is prompted with the box 'Do you want xxx browser to remember this information'. Lets say our user clicks on the 'remember' button and thus the credit card number is stored in the browser for later use.

 

Should it happen to be a public computer, another person sites down and gets ready to buy something as well and as he/she clicks into the credit card box, a nice little pre-filled out credit card number is ready to go for them.

 

What can be done to prevent this? As far as I know there is no attribute to tell it not to remember this information in specific fields. At best I could randomize the input's name on each page load thus not worrying about what the user puts in.

 

This is simply something to protect users from there own stupidity, and if anyone has any tips, please feel free to share them or your thoughts on this situation!

[beebum]

Your desire to protect the user is honorable but most likely futile. I am not aware of anything that can be done on your end to prevent the user from storing his cc# in the browser. You could display a warning telling the user not to do that but beyond that I don't think there is anything else you can do.

[obsidian]

What you are asking about is akin to removing all choice from the end user. Keep in mind that the "remember" feature is indeed simply a feature of the browser and can therefore be turned off by the user. Along the same lines, the feature is typically disabled or removed entirely at most public places such as libraries.

 

In addition, most browsers that remember certain features will by default ignore certain name field matches (such as SSN and CC information). Again, this varies from browser to browser as well as what 3rd party form memory application may be installed (such as RoboForm), so there is no way to account for all of them.

 

The desire to protect the user from himself is definitely admirable, but it is something that you cannot always do.

[drewbee]

Yes; I agree! The only thing I have come up with so far is a textarea. I have not come across a browser that remembers the textarea field. I guess I could format it to look like a input box, remove scrolling etc. Almost more work then what is necessary. But it is a start.

[Northern Flame]

You can do this with AJAX.

 

just put your inputs, but dont put them in a <form> tag

so that the browser wont remember it.

 

then at the end put in this:

 

<button onClick="ajax_function()">

Send Data

</button>

 

then use javascript to save the users inputed information

and then send it to a page with PHP, tell that page to

process the data and then return the results. Seems like

a lot to do, but if you are serious about preventing browsers

from saving the data, you might want to consider what i

wrote above.

[haku]

That will work, but it will cut off anyone who turns off javascript on their system.

[Northern Flame]

That will work, but it will cut off anyone who turns off javascript on their system.

 

oh yea thats true,

i never thought of that 

[drewbee]

Yup; and at times it may be neccessary to force javascript on in the browser. (Or some type of detection for it). The percentage of people with javascript off isn't too terribly high. I think based off of odds of people with javascript off and who 'save information' and who have it on but use the technique above to avoid saving information reduces that number to a very very small fraction (those who have it off and 'save information') of people.

[fenway]

I think IE has an "autocomplete" attribute, but I don't know well this is respected.