I have 3 sessions -
1- USER
2- LANGUAGE
3- COUNTRY
When session expires - user is redirect to login and receive a message: "You are disconnected by inactivity"
Its ok. but..
MY ISSUE:
Because I lost session - I lost ALL 3 Sessions - and I don't know the LANGUAGE and COUNTRY of the user.
Then I Always print an English alert (default language)
What I want:
A way to control de timeout of each session. With this I can expires User Session first - and get the other two parameters to print the right language.
Is it possible?
I know how to expires - but ALL sessions..
tks!
Use cookies, so you can control the time, even if the user closes the browser
Response.Cookies("name_cookie")("language") = 1
Response.Cookies("name_cookie")("country") = 1
Response.Cookies("name_cookie").Expires = now + 365
Related
I have problem to make my application is not logged out user on activity
I have code like the picture above
as we know, modify the cakephp session is able by that code
"timeout" values is used to set how long session will be expired in a minutes. and the "autoRegenerate" value is used to renew the timeout value
and the last is "cookieTimeout" is used to set how long activity allowed
the crux of my question is how to auto regenerated the cookieTimeout cakephp in core.php (like renew "timeout" value with "autoRegenerate" => true)
Thanks in advance
there are 2 values in the config file for codeigniter session which i do not fully understand and hope someone can enlighten me, thanks.
# the number of SECONDS you want the session to last.
# by default sessions last 7200 seconds (two hours).
# Set to zero for no expiration.
$config['sess_expiration'] = 7200;
Q1) Will the application logout the user when the time(2 hrs after login) is up even though the user is still actively using the application?
# how many seconds between CI refreshing Session Information
$config['sess_time_to_update'] = 300;
Q2) Does this value affect the (Q1) senario?
The $config['sess_expiration'] is how long it will take before the session expires if there is no activity by the user on the session. $config['sess_time_to_update'] will update the expiration time every 5 minutes while the user is actively using the session.
So if the user logs in, has an expiration of 2 hours, and navigates around the site for 30 minutes and then leaves the site, they will have 2 hours from that point to visit again without needing to log in. If they do visit in those 2 hours, the expiration time will be reset to 2 hours from that point. If they don't visit again, they'll need to login.
Therefor if they are using the session they will not be logged out after 2 hours.
I have a webservice that stores an authenticated users token in the HttpRuntime.Cache to be used on all subsequent requests. The cached item has a sliding expiration on it of 24 hours.
Secondly I have a vb.net app that is pinging this webservice every 15 seconds. It gets authenticated once, then uses the cached token for all subsequent requests. My problem is that the application appears to lose authentication at random intervals of time less than the 24 hr sliding expiration. However with it getting pinged every 15 sec the authentication should never expire.
I am looking for a way to view the HttpRuntime.cache to try and determine if the problem is in the webservice security methods or within the vb.net app. Can I view the HttpRuntime.cache somehow?
The webservice is part of a web forms site that was built with asp.net 2.0 on a Windows Server 2008.
The name of my key's were unknown as they were system generated guid values with a username as the value. So in order to view a cache collection that was unknown I used a simple loop as follows.
Dim CacheEnum As IDictionaryEnumerator = Cache.GetEnumerator()
While CacheEnum.MoveNext()
Dim cacheItem As String = Server.HtmlEncode(CacheEnum.Entry.Key.ToString())
Dim cacheItem2 As String = Server.HtmlEncode(CacheEnum.Entry.Value.ToString())
Response.Write(cacheItem & ":" & cacheItem2 & "<br />")
End While
Hope this helps others.
First off, HttpRuntime.Cache would not be the best place to store user authentication information. You should instead use HttpContext.Current.Session to store such data. Technically the cache is allowed to "pop" things in it at its own will (whenever it decides to).
If you actually need to use the cache, you can check if your item is in the cache by simply doing:
HttpRuntime.Cache["Key"] == null
Apart from the Home page Suppose there are 2 pages i.e page A ,Page B , first step user have to login, then if that user have the permission to view page Page A ,Page B then he can go to those page else on clicking those page name from the top navigational bar user will remain in the home page.
1 login
2 Home [If Login Successful]
|
Check if have permission to view --------- Logout
|Yes
2 Page A
|
Check if have permission to view Page B --------- Logout
|Yes
3 Page B
|
4 logout
Suppose there are 3 users ,i.e user 1 , user 2 and user 3. Now User 1 have the permission to view both page A , page B but user 2 have the permission to view only page A and user 3 do not have the permission to view any of this two pages.
i have used assertion under the page A sampler , page B sampler to check weather correct threads are accessing this pages or not that is system is allowing only the authorized person or not.
in the thread group i have opted if error occur then " stop thread " , thats why if any thread fail to assert then it is not getting counted in the future , thats why in the logout sampler only 1 thread is showing, and that thread is for user 1 because this user have the permission to view both page A ,B . and user 2 and 3 are not considered as they have fail assertion in the previous stages. so is there any way out that in the logout page i can send all those thread which have cleared the login section successfully irrespective of there view page permission.
so at the time of logout in the logout page for user 1 in the referrer field it will show the link of page b but for user 2 at the logout page referrer field value will show the link of Page A. and for user 3 it will be home page.
so can any one please tell me how the referrer field value can be change dynamically based on user permission in the logout page .
This is a possible scenario, as I don't know how you are checking the permissions of the logged users.
HTTP Request - Login
Regular Expression Tester - capture an expected value to validate login
If Controller - If Login OK
HTTP Request - Home
Regular Expression Tester - Referrer to Home (Headers option maybe)
HTTP Request - Page A Permission Verifier
Regular Expression Tester - extract permission validation value
If Controller - If user has permission to Page A
HTTP Request - Page A
Regular Expression Tester - Referrer to Page A (Headers option maybe)
HTTP Request - Page B Permission Verifier
Regular Expression Tester - extract permission validation value
If Controller - If user has permission to Page B
HTTP Request - Page B
Regular Expression Tester - Referrer to Page B (Headers option maybe)
Http Request - Logout
HTTP Header Manager - Referrer: ${referrer}
I have a ACL+auth driven app. Everything works fine but I discovered that user is logged out after a random period of time. After doing some research I discovered that the cookie set once doesn't change it's expiration date on page refresh. So it goes like this:
I set up manually expiration time to 1 minute (Security.level low (with some changes in cake/libs) and timeout 60)
19:00:00 - user loads the page - cookie is set up
19:00:05 - user logs in (cookie doesn't change the expiration date)
19:00:30 - page refresh (cookie doesn't change the expiration date)
19:00:55 - page refresh (cookie doesn't change the expiration date)
19:01:05 - page refresh - user is logged out... (cookie expired after 1 minute)
So the problem is the user gets logged out after 60 seconds from setting a cookie in instead of 60 seconds of inactivity. Does CakePHP deal with cookie files automatically? Or do I have to take care about it myself?
All I did is set up a cookie name in config/core.php and setup auth. I don't have any cookie handling function, but the cookie is created itself - correctly, just isn't updated
I had the same issue and countered it with the following code which is called on every page load and ajax call.
if(isset($_COOKIE[Configure::read("Session.cookie")])){
$session_delay = Configure::read("Session.timeout") * (Configure::read("Security.level") == "low" ? 1800 : 100);
setcookie(Configure::read("Session.cookie"), $_COOKIE[Configure::read("Session.cookie")], mktime() + $session_delay, "/");
}