by kodablah 3287 days ago
Not bad practice from a security perspective per se, just annoying to users that don't want JS, or like the non-password fields to support their browser's features like autocomplete, etc. Granted, if it's a SPA, some of that usability ship has sailed. And while any AJAX post is secure normally, many JS-implemented login solutions open themselves up to CSRF and other problems.
1 comments

You can have the form submit to a real address when js is disabled, and disable the form's behavior when js is enabled.
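
The approach described in the reply above, as an added example that is not part of the original thread: a login form that posts normally without JS, and a script that takes over submission while still sending the server-issued CSRF token. The markup, the `/login` endpoint, the `csrf_token` field name and both function names are assumptions made for illustration.

```javascript
// Added example. Assumed markup (constructed):
//   <form id="login" action="/login" method="post">
//     <input name="username" autocomplete="username">
//     <input name="password" type="password" autocomplete="current-password">
//     <input name="csrf_token" type="hidden" value="(server-issued)">
//   </form>
// With JS disabled the browser posts this form to /login unchanged.

// Derive the scripted request from the form itself so both paths hit the same
// endpoint with the same fields, including the hidden CSRF token.
function buildLoginRequest(form, fields) {
  const body = new URLSearchParams(fields);
  if (!body.get('csrf_token')) {
    throw new Error('csrf_token missing');
  }
  return {
    url: form.action,
    init: {
      method: (form.method || 'post').toUpperCase(),
      body, // sent as application/x-www-form-urlencoded, like the native post
      credentials: 'same-origin',
    },
  };
}

// Take over submission only when the scripted request can be built; otherwise
// the handler returns without preventDefault() and the native submit proceeds.
function enhanceLoginForm(form, readFields, send) {
  form.addEventListener('submit', (event) => {
    let req;
    try {
      req = buildLoginRequest(form, readFields(form));
    } catch (err) {
      return;
    }
    event.preventDefault();
    send(req.url, req.init);
  });
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  const form = document.getElementById('login');
  if (form) {
    enhanceLoginForm(form, (f) => new FormData(f), (url, init) => fetch(url, init));
  }
}
```

Because the scripted path reuses the form's own `action` and fields, the server keeps a single login handler and a single CSRF check for both paths.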