Imagine, you're having SPA.
The website never gets refreshed for the new data is always fetched via ajax.
It means that your users may not refresh the website even in 7 days in a row for example (I mean, you just close your mac with a chrome open, on the next day you open computer, open website and continue working).
The user has not refreshed the website in 7 days in a row, but you made lots of updates and bug fixes.
How would you go about such situation?
Related
I am facing very interesting issue and I am not sure what can cause this. I am using SSO SAML for authentication to the system and IE11 as the browser to access the application. After some time (e.g. 5 min) the session terminates and it is renewed and it is a background process. Somehow only in IE, the session is not renewed until I maximize the browser and do some user action (after that it works). Other browsers are not affected and everything works in background properly. Do anyone know what can cause the issue in IE that the browser needs to user action?
Very weird issue.
Im logged into Laravel app with 2 different users in Chrome and Chrome Incognito.
When I submit {any} update form it logs the other user out when I refresh.
The user that I submitted the form with is still logged in.
When simply browsing around both users remain logged in.
Environment
Windows XAMP
session drive = redis (I have tried changing this to see if it helps)
UPDATE:
Same thing happens when logged in from 2 seperate browsers - Chrome / IE
I presume something in the Illuminate\Http\Request class causes this behavior.
UPDATE 2
Keeps both users logged in when I select the "Remember Me" option.
similar issue: https://laracasts.com/discuss/channels/laravel/laravel-not-reading-session-cookie-on-form-post-in-chrome-when-logged-in-with-remember-me
Hints to being XAMP bug - using different dev environment solved it.
I think with it being such a weird issue - and not many people experiencing it must be a issue with my specific environment.
The sessions in PHP use a cookie (created automatically) that is stored by your browser, is very posible that the mode igcognito that you are using delete this cookie whe you refresh the page.
When starting the first Incognito window, it uses a completely brand new and blank internal profile that has no cookies nor session data. Any cookies or session info are set immediately during that session. Further Incognito windows opened all share that same session, so they share the cookies/session data.
I'm writing an asp.net Web Application. I wrote a login page that authenticates a user and stores their UserID in the Session["UserID"]. Every page in the web application will check for a valid Session["UserID"]. If not valid, then redirect the user to the login screen.
This works great, but it's slowing down my ability to debug every page on my website. Each time I make a change to a *.cs file, I need to press F6 to rebuild my solution. Doing this destroys my session, which means I need to go back to the login screen, type my username and password, click to the page I was working on, do my tests, make code changes to my code, and repeat.
Is there a way to keep my session alive everytime I re-build my solution so I don't have to go to the login page every single time?
Unfortunately, I don't know that you will find any way around this limitation. Every time you build your project, you are going to trigger a restart of the web application. Even if you were to use a persistent store for keeping sessions, you're going to lose the session cookie being set in your browser.
You could add a "remember me" feature to your app. You'd need to do a little reimplementation, in order to keep the information about the current user authentication in a data store that is less volatile than ASP.NET session state. Also, you'd store the index to that information in a cookie that is more persistent than a session cookie.
That's the best I can think of, or at least it's the best I can think of without some significant extensions to the .NET security providers. However, take it with a grain of salt -- I've never tried to solve this particular problem before, and I hardly consider myself an expert in all things ASP.NET session-related.
The reason why you lose your session is because your application is restarted when you write to the application folder. In fact the same thing happens when you publish your application, every user currently logged in will lose their session.
This is intentional because they have no way of knowing that the DLL's you were using in your page are still there or not. So instead they monitor the folders themselves and trigger a restart when you write to them.
There is no workaround for this. It's in fact a feature that saves you time (most of the time), imagine tracking down memory corruption errors because the pointers moved around in your code!
We have a CodeIgniter based SAAS application. Sessions are stored in the database.
We use this class as a replacement for CI sessions
With one specific customer ( same office, multiple users, same IP ), the session is getting reset or destroyed on a page refresh.
This has never happened before with any other users or from other location. I am not able to reproduce this issue.
Steps:
User Logs in & sees home Page.
User begins navigation by clicking some link
Session times out and they are prompted to login again
And this continues after each login.
Session expiration is set to 3000 s and time_reference is GMT and sess_time_to_update = 300 s.
Any help on how to go about investigating this issue will help.
This happens in IE , Chrome and therefore does not seem to be a browser issue.
This same set of users have never had this issue before.
check the size of the session cookie. maybe it is larger than the allowed size > 4096. I know it's a long shot, but try it out nevertheless.
I am writing my first FireFox extension and I have some questions. Maybe someone can help.
I have a website which requires login. The sign-in is one user per login type. So if I am logged with the username "tom" from one PC and go to other PC and try to login with the same details, it fails. When I click the log-out button from my authenticated page, the new location executes a PHP function to log-out the user (updates the "logged" status of the user in MySQL). The problem is that if a user is logged in from his work desk and surfing the page then suddenly he gets a call by a friend to quickly grab lunch in his break and has to meet him in short time, he just clicks the X (close) button from Firefox, forgetting to press the log-out button so the status of the logged is still 1. Later on, if he wants to access the page again from home, he won't be able to log in.
So, I need to grab the "close" event from firefox somehow. I am thinking about looking for the ones that contain the "website.com" domain only. Then, if a tab is closed or the main window of Firefox is closed, send an unique key, and the username to that URL that logs out the user and the problem may be solved. I don't know if this is possible. Please post any idea (followed by code if you can) for this extension to be built.
Thank you.
By design, this is wrong.
If a user's PC crashes (harddisk failure, power failure) your plugin won't be able to log out the user. And so, the user won't be able to login on any PC.
--
Let's revisit the premise,
a. why does logging in from another PC need to fail?
b. How about invalidating the login from the previous PC (log out) when the user logs in to another PC. THis is kind of like how chat applications like Yahoo! Messenger work.
From your answers, here's what i would suggest: if the user is logged in on another PC, warn and present the user with options:
cancel logging in
forcibly log out the other user and proceed to logging in
Logging the user out after a certain time of inactivity is the (application or web) server's responsibility, not (only) the client-browser's. This is called a session timeout.
You might be able to avoid the timeout by a browser implementation as you describe it, but this should not be the primary solution.
Here's an off hand approach you might take:
In your case I would include a timestamp in the table where the 'locked' state is stored. Every time a user does an action that timestamp is updated. When you try to login again ad the timestamp is older that a certain threshold (e.g. 15min) your login code should silently logout the previous user.
In order to receive a notice about the tab being closed, you'll want to do something like this sample code. However, instead of listening for load, you'll want to listen for unload.
When you do end up getting notified about unload, you'll have to do a request to the logout page just like the web application does. You can figure out what the location of the document that is unloading is by checking aEvent.originalTarget.location.href. Note that aEvent.originalTarget will give you the document object of the tab that is closing. You'll then want to use an XLMHttpRequest for this in your event handler.
You could use ajax that would ping a page on the site - all the session info will be passed and you can verify that the user still has an active browser/page open. If Firefox crashes it won't be able to ping the website anymore and the session could time-out after 15 minutes. I think that allowing a forced logout on another sign-in would be best. Usually when I leave work at the end of the day I wouldn't close all the programs or logout or anything - just lock my computer to prevent anyone from using it. Next morning I come back with all my programs still running so I can continue where I left off.
BTW, Yahoo Web messenger probably uses some form of session-based cookies. That is, cookies are stored in memory and are gone when the tab or browser are closed.
Just enable to the user to re-login from another machine. And if you get a request from the user on first machine, ask him to re-login too. So you get a single logged in user at a time.