I have something to resolve. I have a website use Spring security for authentication and check login ...When user open two tab, a one tab they login with one user account, and other tab, user will login with other user account. I want to inform to a first tab that "you're invalid session" or "have other user account login" or something like that. It's like how gmail works.
Now, I have some idea:
I will use ajax to check with server every 5s and get the information of current user account.
Trap before click event and ajaxSend event for check with server, if have other user account, abort it and inform to user.
Use WebSocket for communicate with server. I think server need to manage a lot of user account and it will make server work a lot.
Any idea about that?
Thanks in advance!
Related
i want to make login system, and check if user is multiple login and give notification " account already login in other device" in current user login. how to make system like that? I've searched for it on google but couldn't find the right one
check if user is multiple login and give notification " account already login in other device" in current user login
Problem:
You can't really tell when the user is still logged in because the stateless server.
Lets say I log in inside an incognito window. When I close the session cookie is deleted.
But on the server it's still exists. How do you tell I'm actually logged in or not?
Solution:
You can make a heartbeat request to the server and log the activity.
So you have a JS code sending request in every minute so you know the user is online. Also in every request you set the cookie as well.
So you log the last activity time in every minute and every request.
When the user tries to log in you check if the logged activity is older than two minutes.
In my project, when user logs in, then I make an entry in A table Called LogTable and show it to the Admin Page that this user is online. And when user clicks on the log out button, then I delete data of that user from the log table, so this user is not shown online to the admin.
Now the main problem is that if user will close his browser without clicking that button, then how to delete those data.
Or what can be other way to achieve it in the best way?
I want that if user logs in from one system and tries to login from another system, then firstly we show that you are logged in another system and if she/he clicks on retrieve, then her/his other login automatically logs out and she/he has to login again.
Integrate your c# with javascript, javascript detect browser close, if you want to delete your data from db then you have to make http request for deleting data in this function. Try to interate it or make xml ajax request when browser is closing.
$(window).bind("beforeunload", function() {
return "write your code over here for deleting data.";
})
I would suggest reading up on the ASP.NET life cycle here and here.
Usually, we store that information using Session state.
The session is created for each user individually and will be automatically destroyed after a certain amount of inactivity or after the user has moved away from the page.
You could possibly use Application state.
But application state is shared among all users and persists until the last user has navigated away from the site.
I hope this helps :)
Hi Guys...
I have made each user based authorization on my website, every user has different rights.
From the admin screen, I can assign new rights to the user. That assigned user logs out from that browser and I store their login info in that session. Then I assign the user their rights, and the assigned user is log in right can't apply
so I need to the user log out from master screen
Is it possible?
if it is possible please give flow
thank you
You can use websockets/SignalR to do such kind of task.
On a high level, you will have a hubs where you will be able to send needed info to your clients.
Whenever a new user logins, you can add that user to be notified and if at all your admin tries to change settings of a user, Hubs can be used to send a message to that user.
How to send user to a login page if his account logged in from another device / browser (without waiting for a page refresh)?
I want the page to be available at the same time in only one browser at a time. If a user entered from somewhere else, the previous device must be forced to open authorization form.
I think is possible to use something like Server-sent events, but this method is not supported in IE, and I do not know how to use it.
I would be grateful for the help.
I've been banging my head against a wall with this one for way too long now.
I have a page outside facebook, with a like-button. Because it should be on a public computer, we also need a visible logout-button. When "like" is clicked, the user is prompted for login credentials. If those are ok, the like-event goes through ok. The user then should be able to log out. Which doesn't work.
The like button is now an -element. When clicked, it creates an edge.create-event that I can catch nicely.
For Logout button, i've tried 2 options.
First one:
<fb:login-button autologoutlink="true"></fb:login-button>
problem with this is, the link stays as "login" even after the user has logged in through the like-link, even after page refresh.
and a plain button, that triggers
FB.logout(function(response) {
cout(response);
});
This returns an error "FB.logout() called without a session." this seems to be because the user hasn't authorized the application. So the application has no rights. Both logout-options work fine IF the user has authorized the application. Problem is, this is only asked when the "login"-button is clicked. In this use case it wouldn't make sense for the user to first login and then click like.
Any ideas how to get the logout to work without getting the app authorization from the user?
Or how to make "like"-button in a way that it will ask for the app authorization?
I don't think it is possible.
You can check if somebody is currently logged in to facebook but not your up, that's about the most you can do. If a user is not authorized your app then you can't do anything with their login session (or data).
I don't think you should worry about public computers though, it is facebook's problem after all, not yours. If a user checks "remember me" on a public computer during login then they most likely won't click your logout button either.