asp.net periodically send messages to server - javascript

I'm using VS2010,C# for developing ASP.NET. I want to send periodical messages to server in order that server knows which user is really active (with open windows), so that when a user closes window or changes url (instead of clicking on logout button), my server can detect user sign out and can close his session. what are my options here? I don't think JavaScript would be safe as I should probably update my database (is there any other way? for instance can I call an address in my JS function?)
Another solution would be to use AJAX to send server side messages to server, is it safe and efficient? what is the best way? security is really important for me

Using ajax with JQuery is a good option

Related

how to send data to server without showing it, in developer mode browser (inspect)?

I want to hide the identity from get function in php,
I'm using xhr, to get the from server
it working fine but maiking too much requests to the server due to this, sometimes server is showing server down,
I have to hide the identity or message to which I'm sending to the server
Is there any way?
You can't make a browser keep secrets from its owner.
If you want to make a request without the browser's owner knowing about it, make it from the server instead of using XHR.

Establing connection to MYSQL Database [PHP]

I had this random question in my mind while I was surfing on the net...
Is it possible to establish connection to MYSQL database WITHOUT refreshing? Like if there is a button in a page which when clicked it secretly establishes connection to Database without even letting user notice any change in the webpage, Everything looks the same but secretly a webpage connects to the database..
I know.. This process is possible in Javascript, but I wanted to find out a way in PHP
When the page has been loaded. PHP can't be used anymore because it's a server side language. Javascript on the other hand works client side. Which means you can execute functions and such on the client's machine without page reload.
AJAX can enable you to 'open' a PHP and execute PHP code (not JS) without page reload. If you will, it's like you're opening a PHP page but it's not visible to the user, it runs the PHP file 'behind'.
As others have said, remember that PHP is a "server-side" language, and that the SQL database also lives on the "server side." The JavaScript application, running on the client, has no direct access to it.
What the JavaScript application must do, then, is to issue asynchronous requests ("AJAX ...") to the server, asking for whatever it wants. The end-user will not be directly aware that this is going on, and the content of the screen-display won't necessarily change (unless you change it).
As part of servicing the (properly authorized ...) request, the PHP side might connect to the database and issue queries against it to get the information that it needs, in order to prepare and send-back a reply to the (JavaScript) client.
Now, the JavaScript side won't necessarily know, nor will it care, just how the results that it receives were actually obtained by the PHP code. It only "issues a request, and, sometime thereafter, gets a corresponding answer."

MVC5 action without refreshing timeout

I am using MVC5, EF6, AspNet Identity 2.0.
The views need to periodically check server for new notificiations, this is done by javascript/jquery get periodically reading a server side GET action.
Unfortunatelly, even the action having [AllowAnonymous], I found that action executes "OnValidateIdentity", I mean that sometimes the cookie expiration timeout is refreshed.
If the user just keep the page open, the logon will never expire... This is bad.
I read that javascript/jquery can't send a cookieless request. Seems that MVC5 server-side it is impossible to ignore the cookie in determined action.
I'm stuck... Any suggestions? Thanks in advance.
I found that best way is to use SignalR to notify the open pages about new notifications.
Javascript pool reading a server side GET action is not so smart, as it consumes more resources.

How can an API call be handled completely on the server side without the client seeing it?

I would like to know if the following is possible and if it is please guide me in the right path.
My site is x.com and when a user submits a form on my site an API call is made to y.com which returns a JS hash (yeah very outdated, I know).
You can see the call to y.com being made in FireBug with returned params. Problem is that Adblocker Plus is intercepting this content and blocking it from view. (Not good (displaying a message about ad blocker is not a solution (In this case the user is actually expecting the ad)))
Is it possible to have my server make the request to y.com server (without the user's client being aware) get the response on my server side, and then finally generate the page and with the response content in the body, and lastly render to client?
This is entirely possible. You could define an endpoint on your local rails app (x.com) and submit the form to that endpoint. Then use an HTTP library, I prefer rest-client, to then submit the form to y.com.

Authenticated JavaScript AJAX Requests

I'm developing a mobile application that requires users to login, and then they can use the application. The application will submit data to the server upon submission. Here's my question: if I want the application to be available to users even when there is no internet connection, I will allow them to bypass the login screen and use the application without logging in. However, once an internet connection is available, and the application knows that, and tries to submit the information to the server (through jQuery AJAX), how do I validate the request? It seems like if someone really wanted to, they could set up their own web page and submit their own [fictitious] data to my server using the same AJAX URL and data format that my application is using. What would stop them? How do I ensure on my server side (receiving end of the AJAX request) that the only data coming in belongs to my application, and not someone who is simply mimicking my AJAX requests?
The only thing I can think of is when the application detects that the internet connection is back, immediately show the user the login screen, and then use an expiring cookie/ticket to validate the AJAX requests.
Any advice? Thanks!

Categories

Resources