Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

Known Issue: Browser Ignores Disabled Autocomplete Property for Saving User Login Information

Written By

Brian Suh

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

After setting company.security.login.form.autocomplete=false to disable autocomplete for user login information, the browser still permits users to save passwords or use password managers to manage password autocomplete or autofill.

Resolution

This is due to a lack of consensus and/or rejection of the autocomplete=off form property from the major browser development teams.

Internet Explorer (developer blog):

[O]ne of the top user-complaints about our HTML Forms AutoComplete feature is "It doesn't work-- I don't see any of my previously entered text."  When debugging such cases, we usually find that the site has explicitly disabled the feature using the provided attribute, but of course, users have no idea that the site has done so and simply assume that IE is buggy.  In my experience, when features are hidden or replaced, users will usually blame the browser, not the website. 

In this case, the team decided that keeping the user in control was of paramount importance. 

Chrome (developer discussion):

I wanted to give a heads up that now, by default, Chrome ignores autocomplete='off' for password fields. This allows the password manager to give more power to users to manage their credentials on websites. It is the security team's view that this is very important for user security by allowing users to have unique and more complex passwords for websites.

Firefox (bug report that was marked as fixed):

autocomplete="off" does two things:

a) prevents us from automatically filling in already-saved data for forms/fields that have the attribute

b) prevents us from saving new data for forms/fields that have the attribute

This behavior is a concession to sites that think password managers are harmful and thus want to prevent them from being effective. In aggregate, I think those sites are generally wrong, and shouldn't have that much control over our behavior.

I think we should investigate removing support for autocomplete="off" entirely, or at least the portion of it that prevents us from saving passwords.

To summarize, several of these major browser teams felt that sites that disabled autocomplete took away the agency of users to handle and manage passwords for themselves. Because of this, there has been a large push to remove or change this functionality. In future releases, the company.security.login.form.autocomplete property will be slated for removal from Liferay.

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?