I am facing a problem with a backend using cookies .
The UI technology is JSP and i have login to the application and performed some operations.
At that time i copied the url and opened a new tab and pasted the copied url
In this case i would like the user to be redirected to login page.
This is what i understood from your question :
Your webserver uses cookie to store user session info , you want the user to be redirected to login page when he copy pastes the link onto a new tab .
This is what happens when you do what u said u did :
When a user requests a url from a new tab with an established session in the previous tab , the cookie is sent along with this newtab request hence the webserver renders the page to this request since it is legitimate.
However , the same will not work if you fire the request using a different browser.[In this case the backend will redirect the user to login page (if you've identified the url is without cookie info and programmed a redirect to login page in your server code).]
I don't think this can be done using cookie based session handling .
Please do check this link How to differ sessions in browser-tabs?
Related
I am working on an offers site and we are developing a functionality to send the offers listed in our page in an email to the end user.
In our webpage there is a section called Offers with the enclosed tag id as Offers.
When the user clicks the link in url
Link: https://www.test.com/service#Offers
Expectation: The service page should be loaded and it should scroll to Offers sections
This is working when the user is already signed in.
But when the user is not signed in , the user request will be forwarded to the sign in page and then it reverts to the /service.
But this time, # anchor is missing in url
https://www.test.com/service
and so scrolling is not happening.
Please help me how can i solve this issue.
is it advisable if i can replace it with https://www.test.com/service?Offers
Please advice.
Your problem is related to your frontend which doesn't send the anchor in the URL to the backend because it represents a frontend state (this is by design and cannot be changed). So when the login page keeps the return URL in session and then redirects after login, the redirection doesn't contain the anchor because the backend simply doesn't have it.
If your login is based on HTTP redirects, the web doesn't offer any native solution to your problem.
Context
Users work on website A (SPA, Angular)
To get more info about specific entities they can be redirected to website B (website B is open in a new tab)
Both websites belong to different companies but there is a contract so that users of page A have access to page B
There is a redirect https://websiteA/redirect... that does a redirect to https://websiteB/... so that the user has an active session on websiteB
Problem / Question / Requirement
We would like to be informed on websiteA that the session on websiteB has been established, what possibilities do we have?!
Possibility A) Open websiteB in new tab
If we open the session-building redirect in a new tab it works and the cookies with session data are saved in the browser for websiteB. So the following requests to websiteB work, the user is logged in. Only problem, we have no info about those tabs in the js of websiteA and don't know if it worked.
window.open returns null. No chance to get for example an onLoad event of websiteB. Are there any headers the server of websiteB can set for websiteA to be able to get info about a success?
Possibility B) Ajax Request (Angular HttpClient)
If I do the session-building request with ajax, will that save cookies? A first test with a nodejs server shows me, that the httpClient follows the redirect to websiteB but when I open a tab on websiteB afterwards I see no saved cookies. Are there any headers the server of websiteB can set so that cookies are also set when it's an ajax request?
Any other possibilities you see how website A can know if the session has been established?
So my app is (mostly) running. This is a corporate app, that our clients will 'install' on their own Facebook page(s), and make available for THEIR clients to run. During the connection process, I use the FB UID to determine their account on our system, connect that UID to the local account ID. I save that connection in our database, so that when the app is triggered from a Facebook account, I use that mapping to access the correct data.
First issue: I want to be able to detect that the app is being triggered from a Facebook page. I went into the App Settings page, and set up the "Page Tab" platform, with a secure URL. But when my app is added to a page tab, that URL is not invoked, but the Secure Canvas URL is invoked. Why? I assumed that was the point of having a Secure Page Tab URL for my app.
But if that doesn't work, is there a way to identify that my app was invoked from the Page Tab instead of some other way? Not as clean, but that would word as well.
I have used the Javascript API to login, and connect the App to a page. This is all working well.
This is answered in the Page Tab App documentation:
When a user selects your Page Tab, their browser will send a HTTP POST
request to your app's Secure Page Tab URL. This request will contain a
Signed Request in the signed_request parameter with fields you can use
to customise the content returned to the user.
If you're seeing the 'wrong' url triggered, make sure you're not accidentally redirecting, either upon receiving the initial POST request from the user's browser, or after using Facebook Login (e.g. if your redirect_uri when opening the dialog is accidentally sending all users to the same URL after login instead of back to where they triggered the flow from)
On my struts2 application, User redirects to print page and clears cookies(or session timed out let us say), and on click of print button instead redirecting to login page it is creating new session. I checked in logs, it is going in HttpSessionListener and creating new session leading to toggle back on same page.
I am using Applet based printing.I have interceptors which will check is session is not available it will redirect to login page but in this case it is not coming in interceptor.
How I can avoid this and redirected to login page..?
Using JavaScript I would like to automate the submission of data via a form POST to a website that requires a login. Using a browser, I am able to login to this site and create a session. On another tab of the same browser, I would like to open up a second tab on the same browser and load the page where my JavaScript resides and allow the JavaScript code to interact with the website session I created on the first tab so the data being posted is admitted as the session I am logged on from the first tab.
The purpose of this is to automate the posting of data to this website that requires login.
I have the JS that does my form POST automation. However the issue I am encountering is that the JS fails to post to the website because it does not seem to detect or use the session information from the previous tab and therefore thinks I am not logged in.
In short, how can I allow the Javascript http request running in one tab of my browser interact and take advantage of a session I have created with another website I have logged in in another tab of the same browser?
It turns out that i needed to add the withCredentials property to the xmlHttpRequest. Doing this allowed me to impersonate the cookies i already had set on the other tab.