How to keep account active in WIX despite closing tab - velo

I currently created a website in WIX platform and it contains a login and registration web pages, but my main problem is once I logged in and closed the tab, it tells me to login again, my question is there a way to keep the login account active even when I close the tab?

Related

Username and password integrating application with Microsoft Teams

I'm having trouble with Microsoft Teams in the sense that I does not recognise my username and password that I enter in my application. I'm able to get my application to display inside the Teams page, but when I capture my username and password, Teams re-display the login screen. I'm using asp.net core identity framework to authenticate my users.
When I add [anounamous] tags to my controllers, it's possible to navigate to those pages. But anything that is not decorated with [announoumus] will force me back to the login screen and then Teams does not recognise the login details.
It is as if it does not know how to read the information in the cookie.
I'm able to load the manifest.json file without any issues, then select the page to display on the Team Tab. But when I try to navigate to a "restricted" page that requires my user to be logged in, Teams display my login page.
Below is a link to the Manifest file if anyone is able to help: dropbox.com/s/wxw3xtk1458blbu/Ezymapps.zip?dl=0

Dynamics 365 CRM Portals. Rich-text editor missing

I work with Dynamics 365 Portals.
The rich-text editor is missing, how do I get it back?
I (my user) have all four webroles, including administrator. I am logged in. I have tried to clearing all cashes and reboot the portal itself. My coleagues are also unable to see it. Nothing works.
Any help is appreciated.
Thank you.
Few things to check.
There should only be a single Authenticated web role and a single Anonymous web role. You don't need to assign these web roles to your user, they are applied automatically by context.
Check you have a web page access control rule setup to grant change, that is linked to your Administrator web role.
Make sure you clear the server side cache.
Sorry, I do not have enough reputations to comment.
I am assuming that you don't see the front side editing tools.
9 out of 10 times, this is typically to do with the cache not clearing properly. Could you changing something on the webpage and check if the cache is clearing properly and the newest webpage content is surfacing on the portal?
Also, by default, the "Administrator" web role is associated with the appropriate "Website Access Permission" to provide you with the front side editing capability. If for some reason, the Website Access Permission is not associated with the Administrator web role, even if you belong to the Administrator web role, front side editing capability will not work.

Google Marketplace domain application data access/revoke

I am not sure how to correctly handle Google domain application access/revoke. Situation is quite standard:
domain admin installs an application through marketplace workflow (scopes, setup url, ...)
application is than listed in admin console for domain (https://admin.google.com/AdminHome?fral=1#AppsList:serviceType=MARKETPLACE)
everything works fine, users can access app
at some moment, for some reason admin revokes application data access through the admin console for whatever reason (application is not deleted, only "disabled")
since than, as there is no privilege granted for app in domain, every user who accesses the application is redirected to error page
And here comes the question - how to properly detect and handle this. As some Google docs say, app should re-request required privileges through consent screen (approval force param).
But as my tests show - when user (admin or non-admin) accepts scopes needed on consent screen, application on admin console is still displayed with no data access.
But the same application is instead listed in user's connected apps (https://security.google.com/settings/security/permissions), even it is domain-installable app!
So do I programmatically handle this situation. Is there a way, or should I just redirect (admin)user to admin console to manually turn data access for that application on?
BTW, after marketplace installation, "sometimes" another consent screen pops up first time visiting app url - which obviously requests same scopes as marketplace listing - why is that?
On that case, application is dually listed like in previous case - in domain and in user's connected apps.

Do we need to wait after an admin accepts an app marketplace scopes for his domain in order to avoid consent screen?

We are integrating our app in the new Google Marketplace.
Our marketplace config in the developer console is ok.
Our oauth2/sso flow is ok (scopes match the ones setup in the console, auth params ok)
All users, when accessing our application through the Navigation bar, don't see any consent screen. All is perfect … except the following :
when an admin user is installing our application for his domain for the first time, he is presented with the domain consent screen displaying the scopes defined in our marketplace config, which is fine, he accepts and is presented with a button "Launch app". This link hit our server and a redirection is made to google auth in order to get the email and profile of that user. The redirection happens quickly that the admin is presented with yet another consent screen displaying the exact same scopes … which is bad.
If we wait 10 - 20 seconds before clicking the 'Launch app' button and after having accepted the scopes for the domain, the redirection to google auth is done and no consent screen is presented to the admin.
Are we missing something? Some sort of pooling technique with callback? "Sleeping"?
The same happens with other apps available on Google Apps Marketplace.
I installed several apps from Marketplace (Mavenlink, Lucidchart, etc), and they showed exactly the same result. I was prompted with consent screen immediately after installing them. A bit later, and I was let in without prompting.
It seems that the information on the installed app is not immediately propagated through Google system. There is a short delay between the time the administrator installs an app to his domain, and the time that app becomes available on his domain.
Most users wouldn't mind to wait a minute after the installation. Unfortunately, a reviewer at Google is not that forgiving. If he is quick enough to start your app immediately after the installation, your app will be caught asking for consent, for which it will be rejected from Marketplace. Too bad.

Firefox extension to log out user after the page has been closed

I am writing my first FireFox extension and I have some questions. Maybe someone can help.
I have a website which requires login. The sign-in is one user per login type. So if I am logged with the username "tom" from one PC and go to other PC and try to login with the same details, it fails. When I click the log-out button from my authenticated page, the new location executes a PHP function to log-out the user (updates the "logged" status of the user in MySQL). The problem is that if a user is logged in from his work desk and surfing the page then suddenly he gets a call by a friend to quickly grab lunch in his break and has to meet him in short time, he just clicks the X (close) button from Firefox, forgetting to press the log-out button so the status of the logged is still 1. Later on, if he wants to access the page again from home, he won't be able to log in.
So, I need to grab the "close" event from firefox somehow. I am thinking about looking for the ones that contain the "website.com" domain only. Then, if a tab is closed or the main window of Firefox is closed, send an unique key, and the username to that URL that logs out the user and the problem may be solved. I don't know if this is possible. Please post any idea (followed by code if you can) for this extension to be built.
Thank you.
By design, this is wrong.
If a user's PC crashes (harddisk failure, power failure) your plugin won't be able to log out the user. And so, the user won't be able to login on any PC.
--
Let's revisit the premise,
a. why does logging in from another PC need to fail?
b. How about invalidating the login from the previous PC (log out) when the user logs in to another PC. THis is kind of like how chat applications like Yahoo! Messenger work.
From your answers, here's what i would suggest: if the user is logged in on another PC, warn and present the user with options:
cancel logging in
forcibly log out the other user and proceed to logging in
Logging the user out after a certain time of inactivity is the (application or web) server's responsibility, not (only) the client-browser's. This is called a session timeout.
You might be able to avoid the timeout by a browser implementation as you describe it, but this should not be the primary solution.
Here's an off hand approach you might take:
In your case I would include a timestamp in the table where the 'locked' state is stored. Every time a user does an action that timestamp is updated. When you try to login again ad the timestamp is older that a certain threshold (e.g. 15min) your login code should silently logout the previous user.
In order to receive a notice about the tab being closed, you'll want to do something like this sample code. However, instead of listening for load, you'll want to listen for unload.
When you do end up getting notified about unload, you'll have to do a request to the logout page just like the web application does. You can figure out what the location of the document that is unloading is by checking aEvent.originalTarget.location.href. Note that aEvent.originalTarget will give you the document object of the tab that is closing. You'll then want to use an XLMHttpRequest for this in your event handler.
You could use ajax that would ping a page on the site - all the session info will be passed and you can verify that the user still has an active browser/page open. If Firefox crashes it won't be able to ping the website anymore and the session could time-out after 15 minutes. I think that allowing a forced logout on another sign-in would be best. Usually when I leave work at the end of the day I wouldn't close all the programs or logout or anything - just lock my computer to prevent anyone from using it. Next morning I come back with all my programs still running so I can continue where I left off.
BTW, Yahoo Web messenger probably uses some form of session-based cookies. That is, cookies are stored in memory and are gone when the tab or browser are closed.
Just enable to the user to re-login from another machine. And if you get a request from the user on first machine, ask him to re-login too. So you get a single logged in user at a time.

Resources