Delete password rather than simply clearing it

gluon/tools.py

@@ -2637,7 +2637,8 @@ class Auth(AuthAPI):
                         # invalid login
                         session.flash = specific_error if self.settings.login_specify_error else self.messages.invalid_login
                         callback(onfail, None)
-                        request.post_vars['password'] = ""
+                        if 'password' in request.post_vars:
+                            del request.post_vars['password']
                         redirect(
                             self.url(args=request.args, get_vars=request.get_vars, post_vars=request.post_vars),
                             client_side=settings.client_side)