This has been bothering me for a few weeks now.
I have a login form that used to require username + password:
<form role="form" method="post" action="/login" class="form-signin">
<div class="form-group">
<label for="username">Username</label>
<input id="username" name="username" type="text" placeholder="ex: AD\jdoe" required="required" autofocus="autofocus" class="form-control"/>
</div>
<div class="form-group">
<label for="password">Password</label>
<input id="password" name="password" type="password" required="required" class="form-control"/>
</div>
</form>
I changed it to use the user's email instead due to reasons:
<form id="form" role="form" method="post" action="/login" class="form-signin">
<div class="form-group">
<label for="email">Email</label>
<input id="email" name="email" type="email" placeholder="ex: name@website.com" required="required" autofocus="autofocus" autocomplete="email" class="form-control required"/>
</div>
<div class="form-group">
<label for="password">Password</label>
<input id="password" name="password" type="password" required="required" class="form-control"/>
</div>
</form>
Much to my surprise, Chrome was still auto-filling out the email field with the previously saved credentials. I tried a variety of permutations on the email field's attributes to no avail (also tried renaming the password field as well just in case, and that too still gets auto-filled). Firefox has the same behavior as well.
I also tried renaming the form itself, and adding a second form just to test wherein the browser filled in both sets of inputs.
Finally, exasperated, I came up with this workaround:
<form id="form" role="form" method="post" action="/login" class="form-signin">
<div class="form-group">
<label for="email">Email</label>
<input id="email" name="email" type="email" placeholder="ex: name@website.com" required="required" autofocus="autofocus" autocomplete="email" class="form-control required"/>
<!-- Workaround for inability to clear the autocomplete functionality of a previously named field-->
<input id="username" type="text" name="username" class="hidden"/>
</div>
<div class="form-group">
<label for="password">Password</label>
<input id="password" name="password" type="password" required="required" class="form-control"/>
</div>
</form>
The downside is that it won't save the user's email if they have previously saved credentials, and it continues to auto-fill the password (and the username too).
Of course, I can add some error to trigger to validate the field is an email and whatnot, but I'm more curious as to why this behavior is happening. It seems that short of removing the saved credentials in my own browser, I have no way to reset the auto-complete data for my users to prevent it from erroneously filling in the username into the email field.
What's kind of funny as well, since I set the new input to be of type email, it triggers the validation of the field and throws the browser's validation error saying the username is not a valid email (as expected).