How to avoid the password caching by the browser on login into Service Desk Manager.

Document ID : KB000019581
Last Modified Date : 14/02/2018
Show Technical Document Details


Local browsers may cache the password on login so that on future logins the password is automatically filled in based on the entered user id.

This may cause a security gap.


To avoid this behavior there are the typical local browser settings for not caching the password, but the best is to avoid this caching from within theService Desk application.

A way to stop the password caching in the application is to add the parameter autocomplete="off" in the login.htmpl.

To do this:

  1. Open the default login.htmpl with the Web Screen Painter and search for the line (see figure):
    <td ><input type="password" id="PIN" name="PIN"></td>
    Change this line to:
    <td ><input type="password" id="PIN" name="PIN" autocomplete="off"></td>

  2. Save and publish the file.
    The new customized login.htmpl will be present under the folder %NX_ROOT%\site\mods\www\htmpl\default.

  3. Perform a pdm_webcache from the command line.

  4. Clear the local browser cache.

    Figure 1