From 8852df7a7a436f9ec83df68acf83f4d4da59696d Mon Sep 17 00:00:00 2001
From: Vinyl Darkscratch <vinyldarkscratch@gmail.com>
Date: Mon, 4 Feb 2019 09:56:58 -0800
Subject: [PATCH] Delete password rather than simply clearing it

---
 gluon/tools.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gluon/tools.py b/gluon/tools.py
index 1798d5b2..2539aa23 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -2637,7 +2637,8 @@ class Auth(AuthAPI):
                         # invalid login
                         session.flash = specific_error if self.settings.login_specify_error else self.messages.invalid_login
                         callback(onfail, None)
-                        request.post_vars['password'] = ""
+                        if 'password' in request.post_vars:
+                            del request.post_vars['password']
                         redirect(
                             self.url(args=request.args, get_vars=request.get_vars, post_vars=request.post_vars),
                             client_side=settings.client_side)