I'm trying to create an online chat program for my web users to speak to a salesperson live. I use an ajax jquery command to refresh the chat, which is stored in a database. The problem I'm running into is it is losing the session variable that identifies the user on the ajax call, but it only seems to do this to some users. Is there some setting for coldfusion that I'm missing?
Should I have any specific settings set in my CF Administrator?
<cfapplication name="Chat Room"
clientmanagement="Yes"
sessionmanagement="Yes"
sessiontimeout="#CreateTimeSpan(0,1,0,0)#" >
<cfset session.UserID = #new_session.UserID# >
window.onload = function()
{
setInterval("ReloadChatWindow();", 2500);
};
function ReloadChatWindow()
{
$.ajax({url: "messages.cfm", success: function(result){
$("#ChatLog").html(result);
}});
$("#ChatLog").scrollTop($("#ChatLog")[0].scrollHeight);
}
new_session.UserID# is just from a database insert (the user provides their name and I assign them the userID.
Only one domain uses the session, there are no cross domain calls.
Session variables expire so you need to check if they are available before you can use them. In your messages.cfm file you have to check if the user still have a valid session and if it doesn't redirect them to the login page. If they do have a valid session you can update the messages.
Related
While developing a self-contained exist-db app I ran into some issues with passing on the user's identity during an ajax call.
I have created a standard page that allows the user to login in with his or her standard exist-db account. (It's more or less based on this https://github.com/eXist-db/existdb-login ).
At some point, the users need to create their own entries and upload files, and this is done with an ajax script (I'm using Kartik's bootstrap uploader, but it's basically a standard ajax upload function):
$('#input-24').fileinput({
uploadUrl: "../modules/uploader.xql",
uploadAsync: true,
fileActionSettings : {
uploadExtraData() {
return {
'FileName': $(this).data('title'),
}
}
},
});
Now, of course, this will fail, since it will appear like a GUEST user is trying to create entries, which is an action that is allowed only for registered users.
Does exist-db allow a way to send in my login credentials at this point without having to resort to the standard HTTP login (which is problematic, since it means creating a cookie to memorize the password, which more or less renders the whole login suing exist's mechanisms useless), or is there any way to use the controller instead of an external script?
Thanks in advance!
I think you can add the user and password into the URI to trigger the Ajax client to do basic with. e.g. http://username:password#your-server/some/uri/modules/uploader.xql
For simple, basic authentication we do the following since the page itself is being served from xQuery.
step 1: we create in the page xQuery a variable containing the session info. This should be fine for you ... the result of your login would be an HTML page:
let $sessinfo := util:base64-encode(concat(request:get-parameter('user', ()), ":", request:get-parameter('pass', ())))
step 2: during the build of the result page in xQuery, we turn that into a javascript variable through a simple script command placed in <head> tag:
<script>
var sessinfo = "{$sessinfo}";
</script>
step 3: in Javascript loaded with the page (we use jQuery), after the page is ready we setup authentication for all AJAX requests:
jQuery.ajaxSetup({
headers: {
"Authorization": "Basic " + sessinfo
}
});
After that, any AJAX request made would send basic authentication header with user and password to other xQueries executed with jQuery.ajax
To have an eXistdb session work with XHR (Ajax requests) you need make sure that
login:set-user('my.login.domain', (), false())
is called in the controller before you forward it to your request handler. Otherwise all request will seem to originate from the 'guest' user.
If you want to use vanilla/native JavaScript requests e.g. fetch you also need to tell it to add the credentials to the request:
fetch(url, { credentials: 'same-origin', method: 'GET' })
By the way, the persistent login used in exidtb-login likely uses a cookie value to pick up the session variables stored on the server (JSESSIONID), but I need to check that.
I have 2 laravel projects, 1 for the front end where i m using html css angularjs. The second for api controllers. I call using http post and get the api controllers functions using angularjs to get content data.
In the front end i have a menu this menu appears differently based on user role, if admin or no.
This is done. My problem is the access for views using the url in the browser.
So I have a query where I get for each user what modules in the menu can he see. Now I'm putting the result in Laravel session.
$menu = DB::select menu by user id ... //Getting menu query based on user if admin or no
session(["menu" => $menu);
return session('menu');
I'm getting the results and the menu is showing good in the website based on the logged user if he s admin or no.
Now, to solve the direct url access issue, I want to use this session and compare the url to this session, if the url exists in the session i will let him access, if no i will redirect him to somewhere.
any idea?
I would strongly suggest looking at the Laravel documentation on Authorization before going too far down a custom implementation:
https://laravel.com/docs/5.1/authorization
Without knowing more about how your front-end and back-end applications interact with each other, it is a little difficult to get into speciifics but i shall do my best.
Each page returned by Laravel has access to a Request object which contains information about the request which returned the page. You can access this Request and its assocaited Route using Laravels helper functions (if you are not passing it to the view already). The getPrefix() method will return the root relative url which you can then use as you see fit. For example:
// Return and store the URL as a string
$url = request()->route()->getPrefix();
// Check your session for the URL/s you want to allow and compare to the stored URL
if (session()->get('URL') == $url) {
// User is allowed access to the page
// Do something ...
} else {
// User is not allowed access to this page
// Redirect back or to a route of your choice
return redirect()->back();
}
I hope this gives you some ideas, good luck!
I have an issue when using Ajax in WordPress. Everything is fine when I'm using the main account (account with which I created database for my WordPress).
But when I am using another administrator account, Ajax does not work.
You may need to use the no priv option for the user who are not logged in.
wp_ajax_nopriv_<function_name>
Here function name is calling function name called from javascript/jquery.
$('.selector').on('click',function(){
var data={
action: "function_name",// function name used with no_priv
};
$.post(ajaxurl, data,function(res){
console.log(res); //print the output
});
});
Hope this will help you.
I'm using Ajax to log in a user from subdomain. The Yii2 app is on another subdomain. Both subdomains are configured to use same cookie and session domains and save paths. I'm including session ID with Ajax call to write the user information to the same session used by non-app subdomain like this:
$session = Yii::$app->session;
$session->open();
$session->setId($post["session"]);
$session["user.id"] = $user->id;
echo $session->id; // This does not return the same ID originating from post!
Unfortunately the user information IS NOT written to the session already existing, but a new one. Is there a session involved somewhere in the middle of login process or why isn't it working? I've also tried session_id($post["session"]), but nothing.
This was actually working on previous domain, so I must be missing something. All of the AJAX posted info is correct and checked, the user is logged in properly (checked the logs) but into wrong session.
Thanks in advance!
yii\web\Session::setId() is a wrapper for session_id(), you should read PHP documentation about this function :
string session_id([ string $id ])
If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose.
So you should simply try :
$session = Yii::$app->session;
$session->setId($customId);
$session->open();
I Don't think you are following the correct way to SET & GET session.
Try This:
$session = Yii::$app->session;
$session->open();
$session->set('id', $post["session"]);
echo $session->get('id');
For more info, please click Session Management - Yii2
Is there a way to redirect a user to a page (login page in my case) when an AJAX query is made by the user to a server? The server is supposed to serve data only if the session is set or else the user should be redirected. I have tried sending a header("location:...") request but the browser handled it as a string (xmlhttp.response) rather than acting on it.
Not directly. Your callback function would have to handle it.
For example, if the server sends the text "LOGIN;/login.php;" then your onreadystatechange call back could have the snippet
if (xmlhttp.responseText.substring(0,6) == 'LOGIN;') {
window.location.href = xmlhttp.responseText.split(";")[1];
return;
}
If you're using a framework for the Ajax, this code could be in whichever callback gets the result of the Ajax call.
No. Not directly. You can return something special which should be handled as a redirect. But since the browser isn't looking to navigate and it won't.
In the callback function you can set the window.location to the new page if the session is not set.