Browser-stored username & passwords in Chrome

Question

I have a website with an authentication form that users must use to access the site.

When Google Chrome is used to access the site, there is no offer to save the user's credentials, despite browser settings being set to allow. The FORM tag is not using autocomplete="off", but it is running over HTTPS if that makes any difference.

What do I need to do (or not do) for Chrome to offer to save passwords?

FYI - the site in question can be seen here.

Answer 1

It turns out that the issue was caused by the tag missing the action attribute.

Added action="" and all is good, even with AJAX and GET.

Answer 2

Apart from Nathan's observation on the use of XHR to post the credentials, it is quite possible that the use of the HTTP GET instead of the HTTP POST request is responsible for Chrome's behavior in not offering to save the credentials.

It should be noted, that using HTTP GET instead of POST to submit credentials is often considered a bad practice in itself, notwithstanding the annoyance encountered in Chrome. Although I cannot pinpoint any specific problems in this case (as I haven't seen the post-login page, and other related traffic), using GET to transmit credentials is something you would want to avoid (to prevent any potential leaking of credentials, despite the use of HTTPS).

Answer 3

I don't think chrome remembers usernames and passwords sent via AJAX. The only thing you can do is make it submit the form normally.