We have an SCA Mont Blanc site setup with product MSRP showing to users who aren't logged in, and specific customer prices showing to users who are logged in.
But we've run into a strange glitch whereby a user who logs out will still see his or her specific pricing. This is an issue because it confuses customers into thinking MSRP is lower than what it really is and typically happens the 2nd time a user logs into the website from within the same browser terminal (i.e. if you open a browser, log in and log out, the problem doesn't appear... but if you login again the site doesn't logout properly).
The only solution I have now is to tell users to clear their browser cache after they log out, but some people aren't used to doing that and it's not really how the site should operate.
Does anyone have a work-around or fix for this problem? Is there something I can add to the logout.ssp file to help resolve this?
A workaround would be to clear the cookies related to your site as explained here.
Related
I've developed an app in laravel and sentry2 as ACL. Login occurs through SAML.
Whenever a user logs in from SAML is redirected to my app where I check server variables, and if credentials are correct I let him pass to the site with sentry.
My issue occurs when I try to log in with the same account in two different browsers. Looks like when I log in in the second browser the existing session in the other browser gets overrided.
I've found out this looking into sessions table:
http://pastebin.com/6iEnRkEs
Any ideas? Will appreciate your help on this very much.
Thanks a lot!
Pablo
EDIT:
The idea would be that the app work like gmail/fb that allows the user to be logged in both browsers at the same time.
It's correct the way it is.
Different browsers different sessions. This is a security feature/matter every single app should enforce.
If you log in a different browser how could Laravel tell if it's not a different person login in from a different computer in the same network? Log someone off in this case it's also the correct thing to do, because if some kind of exploit is happening, user will see something is wrong and, maybe, change his/her password.
Some (ie: banking) also do: different browser tabs, different sessions, but this is not the Laravel case.
does anyone knows why the link to Help Desk is not displaying in the user section of Magento?
Is there something I am missing?
I have installed correctly the extension, and on the back end I can see all the options are fine.
Also the help desk section in backend is fine, but nothing showing on the front end.
Thank you for the help.
This is a pure guess in the dark, but
Does the user you're logged in as have the ACL role for this menu?
If you're using an admin/super-user account, have you logged in and logged out? This is sometimes necessary to rebuild the ACL roles, which are cached in the admin user's session object.
I have this website that I developed. It is acting weird. I logged onto it and now it seems that I can't logout of it. It has session which I don't know how it can still maintain after logging out and also in different browsers and even in incognito.
The weirdest thing is that if you open it in your browser you get same session state. You can't do anything with it. But it is jut there.
What is going on?
Go to this page, it shows some user logged in. click Add and it asks for credentials again. Like an endless loop.
http://krninstitute.com/krnitech/Forms
Then go to this page, it shows other user logged in. Go to the end of the page.
http://krninstitute.com/krnitech/Gallery
This question requires these external links.
But here are images just in case:
Edit 1:
What is causing every request to end up with session cookie? I don't have any cache implemented. Does it have something to do with recent GoDaddy crash?
Edit 2:
Questions are 1. how can you see who is logged in on the application? I haven't implemented such functionality. And 2. how there are two people logged on from same browser window?
Session and Authentication are two different things. When you use FormsAuthentication to login and logout, it does not change the session. You must abandon the session in addition to logging out to do that.
Session.Abandon();
Be aware that the session will still be there until the end of the request, so you should probably immediately redirect to a default page afterwards.
As a novice developer at best, I have been tasked with implementing Facebook connect with my Magento 1.4.1.1 website. I have read extensively online and don't find much help with my problem, and I see many people have the same issue so perhaps everyone can learn.
I inserted the SDK script into my header, set up my channel, and my Facebook app. Everything seems to work nicely right now, however I am lost on converting the Facebook login into an actual Magento login. I understand that my code speaks with Facebook and authorizes my website, But I don't understand how to pull user permissions into my Magento database and store the information. Currently you click the "Login with Facebook" button, it pops up asking for the permissions. I don't know how to save this information to my database and allow the user to connect and login successfully.
I think I may need to add some more code somewhere telling Magento how to store this information?
Any advice or links would be greatly appreciated.
You can use free extension Facebook Connect and Like Free from BelVG company.
This is a really strange issue and not directly "programming" but I'm hoping this is an okay place to ask.
Basically I have a user on the forums I run where they basically log in and are immediately being shown the public forums only. The forums are updating the "last login" field for this user so authentication is working fine. The really strange part that might also indicate the problem is that this issue occurs in IE, Firefox, and Chrome.
The user has tried other accounts and the same problem happens -- but when using another computer in the same house (same network), everything worked fine.
I'm sorta' stumped on what could cause this when it applies across all browsers.
Their computer isn't accepting cookies. SMF holds it's session data in the cookie. It will use the db to keep track of who's online, so they might appear on the list but without the cookie the session is over