Index: openacs-4/packages/openacs-bootstrap3-theme/resources/widgets/login.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/openacs-bootstrap3-theme/resources/widgets/login.tcl,v
diff -u -N -r1.7.2.2 -r1.7.2.3
--- openacs-4/packages/openacs-bootstrap3-theme/resources/widgets/login.tcl	19 Jun 2022 15:33:23 -0000	1.7.2.2
+++ openacs-4/packages/openacs-bootstrap3-theme/resources/widgets/login.tcl	29 Aug 2023 14:17:21 -0000	1.7.2.3
@@ -23,12 +23,21 @@
 set num_users_online [lc_numeric [whos_online::num_users]]
 set whos_online_url "[subsite::get_element -element url]shared/whos-online"
 
-set return_url [ad_return_url]
 if {!$user_id} {
+    #
+    # If the current form is the login form, remove the password for
+    # security reasons.
+    #
+    set f [ns_getform]
+    if {[ns_set get $f form:id] eq "login"} {
+        ns_set delkey $f password
+    }
+    set return_url [ad_return_url]
     set login_p 0
     set login_url [export_vars -base /register/ return_url]
     set register_url [export_vars -base /register/user-new return_url]
 } else {
+    # set return_url [ad_return_url]
     set login_p 1
     #set name [person::name -person_id $user_id]
     set name [person::get_person_info -person_id $user_id -element first_names]