I'm working on a login form with React 18 and I've run into an issue with Chrome automatically trying to save new passwords when I redirect users to a password reset page after login failures. The backend logic sometimes sends users to this reset page instead of showing a simple error. While I understand why Chrome does this, I want to figure out how to prevent it from determining that the password is correct. Currently, I'm using a workaround that stops saving after a few incorrect attempts, but it feels unreliable and could lead to inconsistencies. I've heard some suggestions, like displaying the username and password fields on different pages, but I don't see how that would resolve the problem. I'm looking for insights on what strategies are typically used to handle this situation without messing with the user experience too much.
4 Answers
Honestly, Chrome’s saving behavior is tied to how the form submission process is perceived, not to your backend logic. So, if you can keep users on the same page and give them a clear message about what went wrong, that would probably solve your issue without Chrome butting in.
Have you considered not redirecting at all after a login failure? Instead, return a proper inline error message on the same login page. This way, Chrome never thinks the login process was successful and won't save the password. It’s definitely safer and avoids data leaks about account existence too.
Definitely, it's a better practice to keep the user on the same page until a successful login happens, which helps with password management.
You might also think about implementing some sort of delay or timeout before the redirect occurs. I've seen that help in certain circumstances where Chrome thinks the form submission was successful too quickly. Just keep in mind that timing can be tricky—sometimes it doesn’t work as you intend.
Right? I tried using delays too, but it can get confusing if it doesn't hook up right. It’s definitely a trial-and-error kind of thing.
Only redirect if you're sure that the user has successfully logged in. If they fail, output a login error like 'Incorrect credentials' right there. Chrome checks for success, so keeping the user on the same page will help prevent it from saving any incorrect passwords.
It makes sense! You just have to create a friendly user experience around that—like a visual cue that they messed up and need to try again.
That's a solid point! Plus, if users need help, they can click a forgot password link without giving away too much info.