Change login to POST to allow browsers to remember the password
The login form is sent via ajax. This avoids that browsers offer the option to store the password. The form should be changed to use a simple POST request. To keep it compatible to the current implementation, it can be done in the following way:
- POST to a hidden IFrame
- respond to POSTs with a minimal document that contains some javascript call that passes the result back to the handler