Mixpanel: alias on a known user - javascript

I can:
assign a temporary ID to an unlogged user,
collect events
use alias to keep track of the user (all the events appear in the mixpanel people section).
My problem is that if
the user logout, and the cookies gets cleaned out,
when my user come back I assign a new temporary ID to my unlogged user
than it logs in again,
so I use the alias again (with an unknown temp ID and a known user ID) but mixpanel is not able to link that it was the same user again.
These events are lost, they appear nowhere in the people section.
Is it because I explicitly set the distinct_id property of my user (in the mixpanel.track method) ? or it is just not possible to do this operation of tracing unlogged operation and finally realizing that it was a known user ?

If user LogOut there is no way to tie his activity between LogOut and LogIn after cleaning cookies. So this is how Mixpanel's user identification model works together with cookies.
According to Mixpanel documentation - you should use alias() only once in a user lifetime after Signing Up (Registering).
If you use alias() on the last step - Mixpanel will ignore it.
You must use identify() method instead of alias(), but of course Mixpanel will accept only events fired up after indentifying user.
This scenario is described here in Advanced Aliasing: https://mixpanel.com/docs/integration-libraries/using-mixpanel-alias
Their example says about user coming back from Phone insted of PC, but clearing browser cookies means anonymizing (like using another device).
In any general scenario LogOut should not lead to resetting mixpanel's cookies. Can you provide more specific information? Maybe there is a way not to reset them?
For example in my project one device can be used by many users, so this works just fine for me.

Related

Google oauth session lost after page reload (javascript)

I recently moved from the deprecated gapi.auth2 to the new Google Identity Services, using the javascript client library, and noticed a big difference: if someone signs in, and then reloads the page, the session is lost, and has to sign in again, every time the page is loaded. This was not the case with the deprecated library.
The problem can be easily reproduced with the Calendar API example.
Is there any configuration option to keep the session persistent? Or do I need to store the access tokens somehow? I could not find anything relevant in the official docs.
UPDATE:
The migration guide states the following:
Previously, Google Sign-In helped you to manage user signed-in status using:
Callback handlers for Monitoring the user's session state.
Listeners for events and changes to signed-in status for a user's Google Account.
You are responsible for managing sign-in state and user sessions to your web app.
However there's absolutely no information on what needs to be done.
UPDATE 2
To be more specific, the actual issue is not making the session persistent. Managing the sign in state and user session is something I can solve.
The real problem is the access token used to call the Google APIs.
As mentioned in the comments, the access tokens are 1) short lived 2) are not stored anywhere, so even if not expired, they do not persist between page reloads.
Google provides the requestAccessToken method for this, however even if I specify prompt: '', it opens the sign-in popup. If I also specify the hint option with the signed in user's email address, than the popup opens, displays a loading animation briefly, and closes without user interaction. I could live with this, however this only works if triggered by a user interaction, otherwise the browser blocks the popup window, meaning that I cannot renew the token without user interaction, e.g. on page load. Any tips to solve this?
I faced all the same issues you described in your question.
In order to help:
Google 3P Authorization JavaScript Library: in this link we can check all the methods the new library has (it does not refresh token, etc..)
This doc says the library won't control the cookies to keep the state anymore.
Solution
Firstly I need to thanks #Sam O'Riil answer.
As Sam described: "you can somehow save access token and use it to speed-up things after page reload."
Given the the Google's exampe, we should call initTokenClient in order to configure the Google Auth and the requestAccessToken to popup the auth:
tokenClient = google.accounts.oauth2.initTokenClient({
client_id: 'YOUR_CLIENT_ID',
scope: 'https://www.googleapis.com/auth/calendar.readonly',
prompt: 'consent',
callback: tokenCallback
});
tokenClient.requestAccessToken({prompt: ''})
In your tokenCallback you can save the credentials you get somehow, e.g.:
const tokenCallback(credentials) => {
// save here the credentials using localStorage or cookies or whatever you want to.
}
Finally, when you restart/reload your application and you initialize the gapi.server again, you only need to get the credentials again and set token to gapi, like:
gapi.load('client', function() {
gapi.client.init({}).then(function() {
let credentials = // get your credentials from where you saved it
credentials = JSON.parse(credentials); // parse it if you got it as string
gapi.client.setToken(credentials);
... continue you app ...
}).catch(function(err) {
// do catch...
});
});
Doing it, your application will work after the reload. I know it could not be the best solution, but seeing what you have and the library offers, I think that's you can do.
p.s.: the token expires after 1 hour and there is no refresh token (using the implicit flow) so, you will have to ask the user to sign-in again.

How to prevent user to change state of route before some processes

I have Principle factory that set and get user value from local storage after login. But when the user first logged in Principle factory return firstLogin = true, if the user first logged in user must update their company. Because while registering process, the application creates an empty company model and I have to update it with source and addresses information at the first login.
So, how could I prevent user to change state by clicking over URL hrefs at navigation?
P.S
I already tried to add ng-disable= 'firstLogin' but i have a lot of states of the application. Thank you.
You can use $stateChangeStart or $routeChangeStart depending whether you are using ui-router or ng-router respectively.
You can run some functions like checking for auth etc before a state/route change occurs. Please check the examples in the docs linked.

Password protection for a page with a simple function - what are the downsides?

I am doing work on an e-commerce platform, and I was asked to come up with a solution so that a certain group of customers could enter a password protected page on the site. The platform doesn't allow for this, as in the functionality is not available, so according to customer support, it's something you would have to create a custom template for and build from scratch. It doesn't need to be fancy, or hacker proof, just secure enough. So instead of doing that, I dropped the script below into the body of the page.
My first version: I use a prompt to ask for an input (password). If you click "prevent this page from creating additional dialouges", it creates sort of an infinite reload loop for that tab (not ideal, but problem?). Are there other serious problems? Easy hacks for your average person?
$("body").hide();
var passwordCheckFunction = function() {
var testPassword = window.prompt("YOU SHALL NOT PASS");
if (testPassword === "thisPredefinedPassword") {
$("body").show();
} else {
location.reload();
}
};
passwordCheckFunction();
Any advice would be much appreciated, and thank you for your time.
Create your secret page as a category.
Customize it to your heart's desire by choosing a custom template
file for it.
Finally, restrict it to only the authorized customer group
by removing it from view from guests and every group except the
authorized one.
Using this method, the customer only has to sign into his/her own customer account. BigCommerce will prevent access to the page by reading the assigned customer group of the customer.
I realize this isn't your desired method, but you might consider instead just making your page inactive in the admin area of your BC store, then instead of a password provide the direct url for users that are able to see that page.
I'm not sure about the implications for google indexing with an inactive page, but I would assume that they are set not to index it, and if not you could set it in robots.txt

VBScript Locate user in Directory; Return results (Found or Not Found)

I want to begin by apologizing for not including any code. VBScript is completely out of my realm of knowledge and I have been asked to use it for a small program here at work.
The goal: I have been asked to search part of the active directory (I am told that it is an OU in our active directory) and compare the user that is attempting to login to the computer with the OU. If that person DOES exist in the specified OU, I need to do something. If the person DOES NOT exist, I need to do something else.
The specifics: I work at a hospital. The point of this is to keep nurses from using the laptops designated for the physicians on the floors. When a nurse badges in to said computer, if the person logging in exists in the "Physicians" OU (which is my OU), then continue with the login, else log the person out (which would be to key an F4 in Imprivata). This being said, we use a program called Imprivata that logs the user in when they swipe their badge. Imprivata can also perform keystrokes like keying in the user's password, clicking buttons, etc. The Imprivata program allows for code to be written in the background in VBScript, WSH, and I believe JavaScript and then executed when a condition exists (a person logging on a computer). Unfortunately, I know NOTHING about any of these languages.
I have been searching the web and trying different things for a week now with no luck. In fact, I have even got close to anything working so any help would be greatly appreciated and again I apologize for the lack of code.
The easiest thing would be getting the current users OU, which can be done with
Set objSysInfo = CreateObject("ADSystemInfo")
strUserName = objSysInfo.UserName
Now you can check if your physicians OU is part of that. That is of course not the exactly same thing as checking whether that user is in the physicians OU because there could be cases where the same username exists in both OUs. However if the same user in both OUs is something that happens you have problems either way.
After you got the users OU just do a simple string compare. I always use a little helper function for that
Function contains(sourceStr, checkStr)
contains=InStr(1, sourceStr, checkStr, vbTextCompare) > 0
End Function
That does nothing more than a case insensitive check if a string is substring of another. so
contains(strUserName, "OU=Finance,OU=North America,OU=Pacific Coast,dc=fabrikam,dc=com")
with the DN of your OU might already be enough.
If you are new to vbscript a good point to start would be the old "Hey Scripting Guy" blogs where everything is explained in a lot of detail. This one for example is about checking a user's OU.
Windows has settings for this.
Allow log on locally
This logon right determines which users can interactively log on to this computer. Logons initiated by pressing CTRL+ALT+DEL sequence on the attached keyboard requires the user to have this logon right. Additionally this logon right may be required by some service or administrative applications that can log on users. If you define this policy for a user or group, you must also give the Administrators group this right.
Default on workstations and servers:
Administrators
Backup Operators
Users.
Default on domain controllers:
Account Operators
Administrators
Backup Operators
Print Operators
Server Operators.

How do I do anonymous Firebase logins which allow browser refresh?

I'm doing a javascript single-page app which allows people to log in, either via twitter or (for some use cases) anonymously.
A very important thing to figure out was how to let them reload the page -- this shouldn't force them to log back in!
I figured this out pretty quickly for the twitter login, and so it uses cookie-stored information to log back in (specifically, the user_id, oauth_token and oauth_token_secret).
However, I can't seem to make this work with the anonymous login facility.
I tried:
auth.login("anonymous", {
user_id: #get("userId"),
firebase_auth_token: #get("firebaseAuthToken")
});
but it doesn't work... I get a new anonymous user ID. I want to keep the same one for the duration of the user's browser session.
And yeah, I tried both user_id and id, firebaseAuthToken and firebase_auth_token.
Thanks!
By default, sessions are created any time you successfully log in a user, and last up until the session expiration time configured under the 'Auth' tab in Forge. This built-in sessioning applies to all Simple Login authentication types, and is automatic as long as local storage and cookies are available.
To resume a session, simply instantiate the FirebaseSimpleLogin object with a Firebase reference and callback. If a local session exists, the callback will be invoked with the same payload you would see if you had just logged the user in for the first time. Invoking the login method will always generate a brand new auth. flow regardless of current user authentication state or session.
Note that in anonymous auth, once a user session expires it cannot be recovered. This may change in the future or some additional functionality may be added to enable it, but it is currently only logged-in to once per user id.

Categories

Resources