When Internet Explorers AutoComplete is turned on for Forms the entries for each field in the HTML form should be cached and displayed as a prompt when the user starts entering content into the form the second time around.

On my website the AutoComplete feature is never displayed for any forms that exist on that site. But yet other websites retain and deliver that content without problem.

My site is using PHP as the scripting language and all content is delivered over SSL.

I have determined that the problem is related to the Cache-Headers PHP sends out when the start_session() command is issued and the site is running SSL.

I have been able to get a hold of a person on the IE security team at Microsoft and they have confirmed that this is how IE is supposed to work. Here is a direct quote from the email.

"This is considered a feature of the autocomplete system. Significant code was written to make it behave this way."

When session_start(); is issued the default http headers php sends out are a no-cache header. Here is another quote from the Microsoft representitive.

If a secure page says "Don't cache me", that's an indication that the data is sensitive, and hence the autocomplete data itself is likely sensitive. Admittedly, it is a simple heuristic. Personally, I think it's a bit silly, but it's been there forever. It's probably a good suggestion to support "autocomplete=on" to override the default heuristic.

In order to re-enable the autoComplete feature I had to issue this command in php before the start_session() command:

session_cache_limiter ('private, must-revalidate');

I'm sure there are other ways of manipulating the header cache-controls to allow the autoComplete to function as well.

Here is a link to 3 examples forms I made so you can test with IE.

dgavey - how are your forms being submitted? Microsoft isn't overly clear about this subtle issue, but;

YOU HAVE TO SUBMIT YOUR FORMS WITH A SUBMIT BUTTON

for this to work!

Unless of course you are like every site out there that likes to design their own forms thank you very much, and thus you'll need this hack to make IE behave.

http://webbugtrack.blogspot.com/2007/08/bug-137-ie-autocomplete-hardly-ever.html

which points the KB article here, where MS explains this really odd behavior.

Do you have autocomplete="off" as an attribute in your form elements?

Autocomplete is not used in IE when using SSL (which is mentioned in your tags, but not in your question).