I am using custom renderer for WebView to send headers in request in my PCL project. I am sending session token and i dont need to type password and login name. Thing is when I start to navigate in webview it throws me to the login page and makes me login. When I login normaly it saves session.
My question is how can I save session when I accesse the page using session token?
Related
Another site is embedding my app (Laravel + Vue SPA) in an iframe. After the other site sends my app the user's information server-side, I create a JWT for that user (all server side) to be used on my site for authentication. I then pass the information back to the browser to log in the user. I've read that passing back the JWT in the URL isn't secure, so my plan is to:
Store the JWT in my database and just send the index back to the client
Put the key in localStorage (while in the iframe of the other site)
Allow the user to open my site in a new window, then use the key to query my database, get the JWT and log in the user (I was having issues keeping the user logged in when opening the new window which is why I'm going through this process)
I then refresh the JWT, delete the old JWT from my database and delete the index from localStorage.
Does this sound like a secure approach?
In a spring security application i am navigating to the login page and entering my credentials and getting logged in.Now again if i open a new tab in the same browser and navigate to the login url it shows me the login page.If I enter another users credentials and login my previous Jsession ID(ie: the one created in the previous tab) is getting overridden with the new jsession id.Upon refreshing the previous tab the session is overridden.
I want to implement that if a user is logged in already in the application, upon navigating to the url again in another tab on the same browser the homepage of the application should open.
Please advise as how I can accomplish that?
Since the server uses the cookie to map to the current session, you'd have to control how the browser sends cookies. Every time a request is sent to a website from a new tab, most browsers will send all the cookies it has for that domain. Since your server received the same session cookie, it will treat this request as being in the same session. There's no way it can tell the difference.
Therefore, as far as cookie-based web sessions go at least, you probably won't be able to force the creation of a new session upon opening a new tab.
I have stored the login detials into a cache file by using these lines in the login process.
intel.xdk.cache.setCookie("userid",username,50);
intel.xdk.cache.setCookie("password",password,50);
I want the app to remember credentials so I thought somehow I have to get them while in init-app.js file and forward to content page .
Which method should I use to forward to specific page in js by passing the index.html page?
And is this the appropriate way to do cache authentication?
Instead use localStorage.setItem("password", password); and retrieve it using localStorage.getItem("password");
Don't store passwords in localstorage. What i do,
User authenticates using username and password from app
Server authenticates the request and sends a token (Json Web Token) which is then stored in localStorage
The app will then query the User's profile using the token
I am struggling with something and I am not sure if this is possible or not with the current WP7 API. Basically my WP7 App uses WebRequest class to issue web requests to log into a third party website using username and password credentials of the user. I store session state/cookie information in a CookieContainer object so that I can make further requests for data from the web site and this all works fine, pretty standard scenario so far.
But what I would like to do now is offer a link to take the user to the secure area of web site without needing the user to log in again when accessing the site from the phones browser. If I simply call a webbrowsertask it takes me to the website but the browser has no knowledge of the cookies I stored in my app so the web site redirects the user to the log in page. What I need/want to be able to do is provide the CookieContainer object I have stored from my app requests through to the webbrowsertask so that I can go straight to the page I want.
WebBrowserTask webBrowserTask = new WebBrowserTask();
webBrowserTask.URL = "https://www.xxx.com/loginarea";
webBrowserTask.Show();
Any suggestions/thoughts on how I can do this?
Thanks.
I don't think you can get the cookies to the main IE web browser
However, if you were prepared to host the browser control inside your app, then you should be able to inject the cookie values using javascript.
i'm trying to login and logout users within the tomcat/blazeDS environment. I wrote a custom Java Login Proxy to handle the login which works. As i tried to logout user i.e. invalidate Sessions i realized that the Flash Application gets a new Session Id (new Session) for every call of the AMF channel. What happens is that if i try to invalidate a session its useless because the next call will be new and valid with the same user credentials again.
How can i logout a user from a Flex Application / Tomcat context then? I cant't find good examples without custom Authentication.
Thanks
Andreas
You would have to pass the session id from Flex to the Java backend and have the backend invalidate the session to log out the user.