In Joomla! 3.6, we're trying to force a user to the login screen from the admin section if their session has expired, but without any user input. By default, Joomla! will send people to the login screen if they attempt to load a page after their session has expired. This is something we want automated so if someone walks away and forgets to lock their system, the current page(s) can't be accessed if the session times out.
My initial attempt around this was to run a timed JS loop in administrator\index.php and have it make an AJAX call to an external PHP file that could query the session table. However, including jQuery at such a high level causes many other references to break due to it being included more than once. Due to how the default redirect action works, all this really needs to do is force a page refresh.
Is there a better way or location to do this without breaking existing code?
This required two things to fix.
1) Add
// jQuery needed by template.js
JHtml::_('jquery.framework');
2) Change $.ajax to jQuery.ajax
Related
We have an ember single page application. On a specific page, while clicking on a hyperlink, I want to open a specific route in the new window.
The problem here is, it starts downloading all the js files (main.js) and authenticating the session and then only it is loading the route. This is taking too much time and giving a poor user experience. Since the hyperlink can be clicked only when the user is already logged in, is there a way to avoid downloading all the js files and authentication in ember? Something like a child window of the current window, so that the route will be loaded immediately.
is there a way to avoid downloading all the js files
They should be cached by the browser unless you have your server set headers to not cache your JS files.
But maybe the files are loaded from cache but the delay you are experiencing is the parsing and execution of your scripts. This cannot be avoided with a SPA.
You could shorten the perceived delay by using server side rendering via FastBoot. This will mean the route is immediately rendered, but the user won't be able to interact with it fully until all of the client-side scripts have been executed.
authentication in ember
I don't think this adds much delay as it should just be checking a cookie or HTTP header as you are already authenticated in another window.
Something like a child window of the current window, so that the route will be loaded immediately.
As you have a SPA, you should try to avoid opening a new window as everything is already loaded in the current one. And the user can easily return to the previous page via the browser back button and this too should be almost instantaneous.
Is there a particular business reason why it has to be in a new window?
This is a really strange problem. I have an application that I build using Codeigniter 3, HMVC, and Ion Auth. It was working well until I migrated it from one server to another. Now the data in the session is cleared after 3 navigations.
I tested it by logging into the application and watching the data field in the ci_session table as I navigated. I made it as simple as possible. I perform a browser refresh from the view I reach after login. On the third refresh, the data disappears from the database for my session and the application sends me back to the login page (application checks to see if the user is logged in). I even waited awhile (less than the 7200) to see if it was a time out and the time between refreshes does not seem to matter. I did not add code, because I do not know what code would help.
Does anyone have an idea what setting may be the cause?
Some time Codeigniter Session not working it has problem with PHP version
Change Your Server PHP Version.
Here is my Gwt App, I have many pages: CustomerPage, OrderPage,... Each of these pages will have a header that have a Login Panel on top & its own content in the middle like this:
1- Customer Page
____________UserName...... Password....... Login
Customer Content here.....
2- Order Page
____________UserName...... Password....... Login
Order Content here.....
This means user can sign in in any page, they don't need to go to homepage to sign in.
Then here is my question, When user is in a certain page (ex: CustomerPage) & if they Log out then:
1- Should I refresh the whole page or redirect users to a Logout Page, so if they want to reopen the CustomerPage, then the page will have to go through all the Initializing processes (onBind-onReveal-onReset...)
2- Should I just let user stay where they are, and when user clicks logout button then system will reset variables. By doing that, then if user logs back in, the page will run faster cos it doesn't have to go through all the (onBind-onReveal-onReset...). However, if i do that then it quite difficult for me to reset all the variables. I have to remember which variables already initialed at the time the page got loggined & try to reset it to null or empty string. If i miss resetting just 1 variable then i will have trouble.
Some big site like Google or Facebook are using the solution 1, ie when user signs out it will redirect to new page or go back to homepage.
Also If adopting the solution 1, then i just need to call Window.Location.reload(); & it will reset everything. Even user clicks Back Arrow, they won't be able to see the old data since everything was reset.
So:
Is it Good Practice to redirect to a new Page or staying at the same page When user logged out (GWT)?
When users click on a Logout button, they expect that they can walk away from a computer. If you continue to show the same page, someone else might gain access to the data.
The universally accepted approach is to hide all data (i.e. redirect to the login/home page or close the app completely) when a user logs out. That's what users expect, and this is what you must do.
It depends what you've got loaded into the browser. Log in/out via a page refresh will be slower and present lag to your user. If you properly cleanup after yourself on logout (delete server side session, unbind presenters, clear caches) then it is really optional to refresh the page.
The universally accepted approach is to hide all data (i.e. redirect
to the login/home page or close the app completely) when a user logs
out. That's what users expect, and this is what you must do.
If your session management server side prevents any RPC's once you've logged out, and you no longer present/cache data, this is not an absolute necessity. Use digression based on your app needs, size, load time, and the sensitivity of the data it conveys.
I can't maintain session surfing through a website once logged in.
I do can successfully login on the site (i specify that whatever the page is, after the login you will be redirected to the homepage) but then I have to move to another page. First I tried with page.open() then with page.evaluate changing the location.href window property, but in both cases unfortunately the result is that I'm not logged in anymore. I traced the login status just rendering the page on every page load event with incremental png names (1.png, 2.png, etc) . I also tried with --cookies-file=cookies.txt param but it didn't help much.
My questions are:
What is the best way to "move" through site pages with phantomjs?
Is there a specific way to handle sessions in these cases (maybe sending cookies manually on each .open(), just saying)?
Thanks for help.
Sessions require cookies. You have to add an extra argument in phantomjs.
--cookies-file=/path/to/cookies.txt
Look here for more info.
Edit :
Does your cookies.txt contains something ?
I had issues with the cookies file approach. The file would be written, and I could see "cookie information" in the file, but future requests would be interpreted as unauthenticated. As a last ditch effort, I simply took the page.cookies array, serialized it to JSON and saved it to a file. My next script would open the file, deserialize it to a variable and set the page.cookies to the variable. Sure enough this worked! Just thought I would pass it along.
I've got a form that has, among other things, a preview button and a submit button. Let's say that the form contains a person's data. Clicking preview will submit the form to example.com/preview and get it opened in a new tab. The preview controller will insert the person's data in a table and, based on the value of LAST_INSERT_ID(), it will redirect to example.com/person/ID. When the redirect occurs, all session data is lost. I want to be able to keep session data so that, upon checking the example.com/person/ID page, the admin user can close it and do some changes to the form or submit it.
I've noticed that storing the session id in a flashdata item won't work, it won't get past the redirect. Also, if i somehow manage to get the session_id past the redirect (although adding it to the url is not what my client wants), I still don't know a way to regenerate the Codeigniter session with it. Another option I've looked into is using Codeigniter Native Session class, but the version I've found on the site is not for Codeigniter 2.0.0.3, and I'm afraid that using it might break something.
Any advice is much appreciated.
The solution was to change my ci_sessions database table fields' collations to utf8_general_ci (the default was latin1_swedish_ci)