On my struts2 application, User redirects to print page and clears cookies(or session timed out let us say), and on click of print button instead redirecting to login page it is creating new session. I checked in logs, it is going in HttpSessionListener and creating new session leading to toggle back on same page.
I am using Applet based printing.I have interceptors which will check is session is not available it will redirect to login page but in this case it is not coming in interceptor.
How I can avoid this and redirected to login page..?
Related
In my project I'm using normal HTML for front-end and Django for back-end. There I have a login system.
I have two questions on that:
When the user logs-in how do I detect it in HTML and change the Login button to show Log out.
How do I maintain this changes across pages. So, that when I navigate to a different page after login it keeps showing the logout button.
Don't suggest me react. I have come a long way from where I can change
my technology stack for this project.
You can use Session Storage for storing the login state of the page for the current session only.
sessionStorage.setItem('isLoggedIn', true);
Fetching the Login Status while displaying the button :
var isLoggedIn = sessionStorage.getItem('isLoggedIn');
if(isLoggedIn) {
//code for logged-in users
}
Points to know about Session Storage :
A page session lasts as long as the browser is open, and survives over page reloads and restores.
Opening a page in a new tab or window creates a new session with the value of the top-level browsing context, which differs from how session cookies work.
Opening multiple tabs/windows with the same URL creates sessionStorage for each tab/window.
Closing a tab/window ends the session and clears objects in sessionStorage.
You can use localStorage to save as a variable such as isLoggedIn that will persist across different routes and on refreshes. Example when you want to save
window.localStorage.set("isLoggedIn", "true");
When you want to check if they're logged in
const isLoggedIn = window.localStorage.get("isLoggedIn");
I have a project written in perl-dancer and angular. Im using google as a openId system.
Some of my pages have an edit grid with a save button. In order to avoid loosing unsaved data on session(session created from perl-dancer) expire, I have an angular interceptor which listens to 401 server errors and opens an angular modal holding the "google login" button(this is triggered on server request after session expire).
I have set the opening of google form on a new tab instead of redirect from original page in order to avoid loosing the possibly unsaved data.
On successful google authentication the new tab redirects to the project homepage and the original stays with the open modal holding the "google login" button.
Ok now the new tab can be closed and on the original window the modal closed and the unsaved data is still there.
But this poor solution as result of not being allowed to embed the google login form or similar seems as a terrible solution from the user experience point of view.
Solutions, suggestions, help?!
One suggestion would be to check $state (or some other service) in the interceptor so you could set a flag in localStorage that indicates user has data being processed.
Then have a special route for this situation that just tells user to close the window and keep editing/saving in the previous window they have open
There would then be several different ways within the app start up you could check localStorage for this flag in order to redirect to that special route.
Within controller of that route clear the localStorage flag. You could even use localStorage events to close the modal in previous window automatically
I am creating a Forms Authentication in MVC using
`FormsAuthentication.SetAuthCookie(userName, model.RememberMe);`
And in Controller we use [Authorized] attribute to make sure user session is valid and has not expired. It works well when user move from one page to another. And if Cookie is expired then Login page is shown again.
Problem is with the one Page (Dashboard) which makes Ajax calls to server (Controller) to refresh some items on the screen every minutes.
As per company policy we can’t have session more than 30 minutes. So if this page remain open for 30 minutes and session expire we would like to redirect to Login page.
Currently if session expires this page still remain as it is but stop getting refreshed and then user complains they can’t view data. Of course they can see it again once they refresh the page but is there any way using which I can find using JQuery or Java Script that FormsAuthentication cookie has expired
Of course they can see it again once they refresh the page but is
there any way using which I can find using JQuery or Java Script that
FormsAuthentication cookie has expired
Yes you can. Phil Haack wrote a very nice blog post explaining how you could prevent the Forms Authentication module from simply redirecting to the login page but instead return a 401 status code which your client AJAX call might catch and use window.location.href to manually redirect to the login page.
http://haacked.com/archive/2011/10/04/prevent-forms-authentication-login-page-redirect-when-you-donrsquot-want.aspx/
He also wrote a NuGet called AspNetHaack which you could use and if you are interested browse the source code here: https://github.com/Haacked/CodeHaacks/tree/master/src/AspNetHaack
The way authentication works in our webapp is that after 2 mins of user idle time it redirect the next HTTP request to the auth server to refresh access token which is then placed in a cookie which is used to authenticate subsequent HTTP requests. So, if the user is idle longer than 2 mins and then tries to submit a form, the redirect to auth server loses form data and sends the user back to the empty form.
We have no control over the auth server and would like to come up with a mechanism that would periodically perform a background redirect to auth server without leaving the current page. One option is to use an embedded iframe, but this makes it nontrivial setting the cookie on the main page after the redirect. Is it possible or appropriate to use HTML5 web workers for that? Any other solutions?
Thanks
I am facing a problem with a backend using cookies .
The UI technology is JSP and i have login to the application and performed some operations.
At that time i copied the url and opened a new tab and pasted the copied url
In this case i would like the user to be redirected to login page.
This is what i understood from your question :
Your webserver uses cookie to store user session info , you want the user to be redirected to login page when he copy pastes the link onto a new tab .
This is what happens when you do what u said u did :
When a user requests a url from a new tab with an established session in the previous tab , the cookie is sent along with this newtab request hence the webserver renders the page to this request since it is legitimate.
However , the same will not work if you fire the request using a different browser.[In this case the backend will redirect the user to login page (if you've identified the url is without cookie info and programmed a redirect to login page in your server code).]
I don't think this can be done using cookie based session handling .
Please do check this link How to differ sessions in browser-tabs?