Perl CGI redirect after authentication - javascript

I know its a basic question and it is been asked for several times but i was not able to understand it.
I was using a html webpage with some input fields and submit button when the submit button is pressed the post is done through XMLHttpRequest and CGI script is called. In cgi script the authentication is checked with the value in the file of server.
The problem is that if the authenication is false i want to redirect the browser to the xmltest.shtml for this i have written in the CGI:
if($isauthenticated == 0)
{
print "Location: http://xmltest.shtml\n\n";
}
But when this cgi is called in return the get is called with the xmltest.shtml page but the browser is not redirected.
It means that if I check in the Firebug console the get request is seen by me for the xmltest.shtml but the browser page is not redirected to the xmltest.shtml it remains to the same page.

You can't cause the page to redirect that way. When you use XMLHttpRequest, you are sending the redirect header to the XMLHttpRequest client, which runs in the background. You will successfully redirect that client, but it will not affect the page on the screen.
If you want to redirect the actual browser page in response to an XMLHttpRequest session, you will need to write some JavaScript to capture the error condition and redirect the browser by updating the value of document.location.href.
If you're using an AJAX framework like jQuery, there is an error callback available in the ajax method which will get executed if your failed request returns an HTTP 403 or similar.

Related

Run Javascript before Page_Load event

I have the following JS, currently it's just before my closing body tag
<script type='text/javascript' src='https://www.mydomain.com/jtrack.js'></script>
<script type='text/javascript' >
if (typeof trackPage == 'function') trackPage();
</script>
Part of this script sets a cookie, which I need to read in the Page_Load event of my asp.net page. But that event is firing before the cookie is set. How can I change this so the script runs first?
Thanks
Simple answer, you can't. It is technically impossible.
If you look at the ASP.NET page lifecycle overview then you'll see that the page load event occurs before the page begins to render - which would make it completely impossible for the client to have executed JavaScript on the page at this point, the user agent (browser) hasn't even began to have received the page. With the sole exception of unload, all of the ASP.NET page lifecycle events happen on the server and before any response has been sent to the user.
The unload event is highly unlikely to ever execute after your JavaScript, unless you are streaming a response to the user, had the JavaScript (without dependencies) at the first possible point on the page, and were building a really complicated page response. Even if the JavaScript did somehow execute before the unload event fired, it wouldn't matter, as cookies are sent with the page request and that has already happened. The cookie will not be sent until the next request from that domain (although it doesn't have to be a page that is requested, images, scripts or stylesheet requests will all include the cookie in their request headers).
You can have your JavaScript set the cookie on the first request which will then be available to all subsequent requests in the Load event handler, and use an Ajax request (if necessary) to log that initial page and the assigned cookie value - which will be sent (assuming it has been set at that point) in the headers for the Ajax request.
What you can't do is set a cookie on the browser of a user before the user has visited your site, execute JavaScript before it has been sent to the user, or send new request data part way through a response.
Use JS setTimeout
Eg.
ScriptManager.RegisterStartupScript(this, this.GetType(), "TestMessageModal", string.Format("setTimeout(function(){{swal('{0}','{1}');}},{2});", type, CommonUtils.RemoveSpecialCharacters(Message), timeout), true);

Start asp session OnClick (when click on a link)

I have this code:
LINK
The problem is that this result in the session example will be true when loading this page and not when clicking on the link.
How can I solve this?
All the server code in the page runs on the server before the page is sent to the browser. What you end up with in the browser is just:
onclick=""
If you want to run server code when an event happens in the browser, you have to make another request to the server. You can either make a postback of the page and send some information back to the server (in querystring/formdata/cookie), or use AJAX to request a different page that contains the server code that you want to run.
Edit:
To use a querystring, make a reload of the same page and add for example ?ex=1 to the URL. In the server code you can check for this and set the session:
If Request.QueryString("ex") = "1" Then
Session("example") = True
End If

How to return a "noop" document over HTTP

I have a CGI script that does a lot things. I'm trying to keep the script very simple and portable. I just need some way for the user to send a message to the server without having to lose the current page. So far, I have the following process:
User loads a "status page" from a CGI script.
The status page has a javascript timer that will read data (not the entire page) from the server every two seconds and alter the status page accordingly.
User clicks a hyperlink element to launch a job on the server.
The CGI receives the parameters from the click and starts the job.
The CGI sends a response of \n
At this point Firefox asks the user if they want to download the CGI script and of course the script is just the \n that the CGI sent. Instead, I want the browser to ignore the response altogether. If my CGI script does not echo a \n apache gives an error. What could I do to tell the browser to ignore the response and stay on the current page? Note that I would rather not reload the current page. I'm thinking there must be some sort of "noop" HTTP response for such a case.
Send back a response with the 204 HTTP status code. From RFC 2616 aka Hypertext Transfer Protocol -- HTTP/1.1:
10.2.5 204 No Content
The server has fulfilled the request
but does not need to return an
entity-body, and might want to return
updated metainformation. The response
MAY include new or updated
metainformation in the form of
entity-headers, which if present
SHOULD be associated with the
requested variant.
If the client is a user agent, it
SHOULD NOT change its document view
from that which caused the request to
be sent. This response is primarily
intended to allow input for actions to
take place without causing a change to
the user agent's active document view,
although any new or updated
metainformation SHOULD be applied to
the document currently in the user
agent's active view.
The 204 response MUST NOT include a
message-body, and thus is always
terminated by the first empty line
after the header fields.
Instead of trying to solve this problem on the server side, you might want to investigate a client side solution. For example, using jQuery you can easily initiate an AJAX asynchronous request to the server on a button click. You don't have to load a new page on the browser at all.
Instead of having the hyperlink be a real <a> or <form> with default behavior, have it be some clickable element whose clicks are handled by your client-side code. The Javascript code should send the job requests with XMLHttpRequest objects, putting it in complete control of how the response is handled.

AJAX and browser GET calls appear to have different cookies

I have 2 pages, a static html page and a python script - hosted on [local] google app engine.
/html/hello.html
define as login: required
/broadcast
which is a python script
when I access hello.html for the first time I am redirected to login page, I sign in, and then redirected back to hello.html.
inside hello.html - an AJAX call with jQuery is executed to load data from '/broadcast', this call errors saying 'you're not logged in'!
BUT - the same call to '/broadcast' through the browser address field succeeds as if I AM signed in!
as if the ajax and the browser callers have different cookies!??
HELP, am I going bananas?
Stupid me...
The ajax call was to localhost/broadcast
and the browser address field was 127.0.0.1/broadcast
...
the cookies for "different" domains ('127.0.0.1' != 'localhost') are not shared ofcourse...
Then I haven't gone mad...

Can Response.Redirect and OnBeforeUnload play nice together?

Does anyone know how to detect in a OnBeforeUnload event that the server side code sent a Response.Redirect? I want to prompt a user to keep them from moving away from a page before it's time, but when the server redirects I it shouldn't prompt the user.
I'm working with legacy code that extensively uses Response.Redirect and I'm not interested in changing the way the redirect occurs. Please don't suggest I use X redirect method.
It should be possible to do this based on the response code in the XMLHttpRequest object as a response redirect should send back a 302.
Edit: The Response.Redirect sends back a 200, with a redirect code in the body which then does a window.location.href = new page in the ASP.Net code. Is there any way to get to the server response to determine that this has happened?
I worked out a solution to it.
When the PageRequestManager is processing the response from the server, it will set the _processingRequest flag. In order to allow response.redirect to pass through, I changed my javascript to check for that. The event now looks like this:
window.onbeforeunload = function() {
var prm = Sys.WebForms.PageRequestManager.getInstance();
if (!prm._processingRequest){
return "Are you sure you want to leave?";
}
};
For non-ajax pages, you're out of luck since the page is never sent to the browser, just the 302 header. So there's no opportunity for javascript processing of OnBeforeUnload.
With ASP.NET AJAX a Response.Redirect really isn't doing a 302. It's sending back a message via the XMLHttpRequest and ASP.NET AJAX is simulating a 302. In theory you could intercept this and perform your own processing...
Yes, Response.Redirect has an overload that lets you decide whether or not to terminate the request (raise a ThreadAbortException). If you let the Response finish (pass false as the second parameter); OnBeforeUnload will also run.
However, simply running OnBeforeUnload will not help you in this case, since your client side code (the prompt) will run before a new page can be sent to the browser (and, if you redirect, it will also only be the 302 header and not the real page).
I would use AJAX to query the server, and if it reports the operation to be completed, allow the redirect in the Javascript code.

Categories

Resources