How to prevent user from opening the application in multiple browser tabs? - javascript

We are looking for a way to prevent users from opening the application in multiple tabs under the same browser.
The idea is to get plugged into one of the query Filter and then get access to the session maybe, and check if there is an already opened tab before proceeding.
I looked into httpSession and HttpRequest stuff but found nothing that can help.
Is there any functionality in the java side to know if the app is already opened in another tab?
thanks,

There's ways to accomplish this with Javascript.
See past questions / answers
How to prevent same website open multiple tab pages?
Stop people having my website loaded on multiple tabs
Preventing user from opening multiple tabs for the application
But all of those javascript techniques fail to work if ...
your user simply turns off Javascript.
they load the website from multiple browsers.
they load the website from normal and incognito modes on the same browser.
they load the website from multiple devices (laptop and cell phone).
You'll wind up with a mix of feature to attempt to prevent this (but it's a losing battle, and there's countless ways to get around it).
If you have a login, you'll want to track past logins and offer to disconnect / invalidate those other logins on a new login. (this will help with the multiple browsers and devices attempts). Your authorization layer on your server side will invalidate old sessions if they are attempted to be used.
If you have multiple tabs in the same browser, the javascript techniques from the old questions/answers are probably the best.
There are also people attempting to use websocket to act as the single point of communication, but I don't understand how that could work, but you'll come across it in your research.

From the server's perspective, it doesn't matter if the requests come from the same browser tab, different tabs, different browsers or different devices. Two tabs can share the same session. There is no way for the server (or the servlet) to know whether the request came from tab A or tab B. Tabs are a browser feature, it doesn't get sent in the HTTP header.
If you would elaborate on why you want to do this, I might be able to give a better answer.

Related

Allowing to load web pages directly from browser and navigating through browser buttons?

Is it good to allow webpages to load directly from browser url field or browser back buttons?
Our webapplication is working fine if any user navigates through home page, but some users are directly accessing the web url in the browser and raising issues that it is not working fine.
Can you please suggest do we need to support loading the urls through browser or allow to navigate through home page?
Some banking websites gives a warning saying to do not use browser urls or browser buttons to navigate between pages i.e. they will warn to do not press browser back button to navigate to previous page etc., so is it correct idea then?
Yes! Ideally, you should let your users use the links directly and have the website function as usually does. This is ideal if they use, for example, their "recent webpages" functionality on their browser, they want to revisit some page from their history, or they visit the webpage so often it appears on their recommended webpages list (This is a functionality present in some browsers, such as Chrome).
A good way to achieve this is query parameters.
Overall, you should expect your user to access the website from other places than the homepage, and have some logic to handle it in such a webpage that the website doesn't become broken.
However, there are some situations where it's just impossible to have the website work as expected without some previous action done by the user (For example, filling a form or being authenticated. In some cases, your user might need to be authenticated to visit a specific link, and ideally, because of security, user sessions should eventually expire). In this case, having safeguards that redirect the user to some previous page where they can begin their flow again (Such as, the login page) is better than nothing.
How to implement this depends a lot on the stack being used (Programming navigation varies between React and Angular. You might not even be using a library or framework at all!). More context would be needed to suggest an approach.

How to run javascript code only from single page among all opened pages

I've a Javascript file getting loaded in each page request which contains some timer based ajax functions.
What I want is that whenever a new site page is opened it should check if any other existing page is already executing those functions so that it can skip execution them. However if "other" page is closed then it should start executing those.
So the pages look like : example.com/page1.htm, example.com/page2.htm -- all on the same site containing the same Javascript file on separate tabs or windows. Not on Iframes. Even same page can be open in multiple tabs or windows.
What is the way to do it?
I tried Googling this but couldn't find any answers to this.
There are several ways to do cross-tab communication but they are all limited to the Same Origin Policy
They are:
Cookies -- bad idea. Don't do this
Local Storage
Post Message - Limited support in some versions of IE. User beware.

Disable Cookies Inside A Frame/Iframe

Is there any way to programatically disable cookies being created by a page displayed inside of a frame/iframe? Or to generalise further, is it possible to programatically disable javascript running on such a page?
Thanks,
DLiKS
with iframe sandbox attribute (html5) it will be possible (implemented in chrome)
http://dev.w3.org/html5/spec/Overview.html#attr-iframe-sandbox
NullUserException already answered what you can do today without browser support
The only way you could change that for an external website you have no control over is to retrieve the pages using a server-side script, filter the input and display it to the user (ie: act as a proxy).
You just can't modify sites out of your domain (or subdomain - it might depend on the browser) using J/S for security reasons.
If you mean that you want to change the settings of the browser by code in a web page, then no, this is not possible (and if it were possible, it's a huge security breach and all alarms would go off).
You may surpass this, however, by writing a plugin, but then each user must first download the plugin. You can also request higher priviledges, but it'll depend on the browser whether you can change any user settings.
If you mean that you want to write a script on every pc in your company to disable JS + cookies for certain pages, you can write plugins and install them everywhere, or use a proxy (as has been suggested by others) and filter the pages. If it is just for debugging a self-made page, use the Developer Toolbar for the various browsers, that can turn JS/Cookies on and off.
Why would you want to do such a thing? If you want to disable cookies, you disable it on your own page by simply not using cookies. The same goes for javascript: don't add it to your page and you've disabled it on your page.
Note: if any page would change anything of the user settings of the browser, your page will probably be blacklisted by Google, most virus scanners and fishing prevention tools.

Do not fetch app.manifest each time

For creating an offline version of a bunch of linked web pages I use an app.manifest-file that lists all the web pages for offline caching.
I would like it that the app.manifest file is not fetched every time when a user jumps from one web page to another. Most of the web pages will never be updated once the application is on the iPhone. Also the target audience is abroad so roaming costs could add up while users are using my "web app".
Searching the internet made me think in the direction of forcing an offline mode in Mobile Safari using Javascript but I don't know if this is the right way to go or if it is even possible.
Does anyone have any other and/or better ideas and suggestions on how to do this?
I would try setting an expires header to the future for the manifest file. That should theoretically prevent the browser from making a request for it. Never tried it, though.

Comet JavaScript libraries that support multiple windows

Are there any free Comet JavaScript libraries that allow multiple windows/tabs to reuse the same connection? In other words, when you open a second window, it detects that you have another window open under the same domain. Rather than open a new connection, it starts listening to the other window's connection. That way it can stay within the browser's per-domain connection limit.
Lightstreamer seems to handle this well, but I'd prefer something open-source.
I think the closest thing you're going to find in the Open Source world is going to be the functionality build into Dojo.
I'm sure in the future, you'll see more Open Source support for that kind of functionality...but for now you might have to hack something together.
You can't do that directly, because different browser windows/tabs don't know what connections are open in other browsers/tabs. The best you can do is either 1) wildcard a bunch of subdomains (the per-domain limit is per-subdomain too) or 2) use a cookie or some other form of persistent storage and fall back to short-polling, which is what the dojo framework does.

Categories

Resources