I am having difficulty with logging in and the functionality of the back and forward buttons associated with a user who is logged in. When I log into the application from the login page I am directed to a page (let's call it logged_home). If I press the back button I am returned to the login page. If I then press forward I am redirected to the "logged_home" page. The desired outcome when pressing the forward button at this point would be that the logged session is destroyed and if the person presses the forward button it remains or redirects back to itself i.e. login.
I have tried a number of approaches including clearing cache and destroying the session but haven't found a workable approach as yet. In detail I have tried to instigate a session destroy every time the login page is loaded but it doesn't seem to work as intended. Any guidance would be appreciated.
I am using Struts2 to create login and logout functionality. When a user logs in, I create a session for him. Using an interceptor, I check for every user whether they are in a session or not; if the session has not been created, I redirect the page to login. My problem is that once I have logged out, I am redirected to the login page, but when the user clicks the browser back button, the page gets refreshed and logs in again. Could anybody help me out with this problem?
Thanks in advance
When you click the "<-" button in the browser, the browser renders the page from its cache. So the server does not know if you have clicked the back button. In your case, when the user clicks the back button, the page is loaded from cache, but it does not mean that a session is again created for that user as logged in. When the user clicks on any authorized link on that page, your server-side code will check that the user has no valid session and the login page will be returned.
Solution: However if you do not want user to get cached page then you can load a script say checkLogin.js for every page in your site. This script should be executed on load event of the pages. When user logs out, set a variable in cookie indicating that user has logged out. When user clicks back button then that script will be executed. That script will check, using the mentioned cookie variable, if user has logged out. If user had logged out then redirect to login page using javascript.
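The cookie check described in the answer above, as an added example that is not part of the original thread. The cookie name `logged_out` and the path `/login` are assumptions; the logout handler must set the flag without HttpOnly so the script can read it, and the login handler must clear it.

```javascript
// checkLogin.js (added example; the names below are assumptions, not from the thread)
const LOGOUT_FLAG = "logged_out"; // assumed cookie name, set to "1" by the logout handler
const LOGIN_URL = "/login";       // assumed path of the login page

// Parse a document.cookie style string ("a=1; b=2") into a lookup object.
function parseCookies(cookieString) {
  const jar = Object.create(null); // no prototype, so odd cookie names are harmless
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue; // skip malformed fragments
    const name = part.slice(0, eq).trim();
    if (!name) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep the raw value */ }
    jar[name] = value;
  }
  return jar;
}

// Return the login URL when the flag says the user logged out, otherwise null.
function redirectTarget(cookieString, currentPath) {
  if (currentPath === LOGIN_URL) return null; // never bounce the login page to itself
  return parseCookies(cookieString)[LOGOUT_FLAG] === "1" ? LOGIN_URL : null;
}

// Browser wiring. "pageshow" fires on a normal load and also when the page is
// restored from the back/forward cache, which is the case a "load" handler misses.
if (typeof window !== "undefined") {
  window.addEventListener("pageshow", function () {
    const target = redirectTarget(document.cookie, window.location.pathname);
    // replace() drops the cached page from history instead of stacking a new entry
    if (target) window.location.replace(target);
  });
}
```

The server-side session check on every authorized request remains the access control; this script only keeps the cached copy from staying on screen.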
To avoid that refreshing, I redirect my page to the menu after login success instead of forwarding. I have escaped from that ghost problem.
Use it like this in your struts.xml:
<result name="success" type="redirect">Menu.jsp</result>
thanks for all
I am using selenium in my application.
On the login page, I enter the username and password and click on the Login button.
When I click on the login button, the fields get cleared and it remains on the same page without any error or warning message.
All the xpath values are correct.
When used in record and playback it works.
Please provide solution.
First see what happens if you do it manually. If you provide login details to the page, does it redirect to the next page or remain on the same page? I feel there is an issue in your test page.
I am having a session issue in CodeIgniter 2.0. The reason, I think, is that it is caching the page. Here is my problem.
I created a page, and to access this page a user login is required. The login works fine. When I log out I am again redirected to the login page, and that's perfect. But if I click the Back button of my browser then it again takes me to that protected page. Technically this page is not accessible now because I have already logged out. If I put the link of that protected page in the browser then it asks me to log in, but after logout the browser back button is having the issue.
Can anyone please guide me with this.
Thanks
That's normal browser caching behavior. One way to fix that is to make sure that wherever users go from the cached page, their session will be checked, and if they've logged out in the meantime, they'll be redirected to the login screen, so no harm can possibly be done.
I have a problem with a WP7 app. I want a user to be able to log into the application, do some stuff and log out.
Now, when a new user gets the phone, it should not be possible to get into the session of the old user (by simply pressing back until the user sees the internal data of the previous user who was logged in).
How can I do this?
The best thing would be that when a user presses the back button, they are forwarded to the first page of the app. The problem then is that there will be a loop, and the app will not pass certification because it will not be possible to exit it.
Here is an overview:
loginPage (no return just exiting the app) -> internPage (possibility to logout and return to loginPage)
You can clear the back stack using NavigationService.RemoveBackEntry:
    while (this.NavigationService.BackStack.Any())
    {
        this.NavigationService.RemoveBackEntry();
    }
Put this in the OnNavigatedTo of your LoginPage, so pressing back on this page will exit the application. If the LoginPage is the first page the user sees when launching the app (and therefore is the application main page), it should pass certification.
Try the nonlinearnavigationservice; that way back will unwind your history properly, and when you back out of the main page it will exit your app correctly.
http://create.msdn.com/en-US/education/catalog/article/nln-serv-wp7
Why not have the main page show the icons for the different users, and a click on the user would ask for their password?
You cannot change the navigation flow of your application so that the back-button takes you to the first page. This will result in you failing the marketplace certification.
What you could do is handle the application lifecycle events. When the user leaves your application and then navigates back to it via the back-button, your application is restarted either from a dormant or tombstoned state.
You can read about the lifecycle here:
http://www.scottlogic.co.uk/blog/colin/2011/10/a-windows-phone-7-1-mango-mvvm-tombstoning-example/
You need to add logic into the Activated event. At this point you could display a logic Popup that ensures the user has to re-enter their credentials to continue using the application.
The best way is to create a separate view like a UserControl and then show it as a Popup when you need the user to log in.
This is the way recommended by Microsoft also, and you won't be having these navigation problems.
Something like this:
enter link description here
I am writing my first FireFox extension and I have some questions. Maybe someone can help.
I have a website which requires login. The sign-in is one user per login type. So if I am logged with the username "tom" from one PC and go to other PC and try to login with the same details, it fails. When I click the log-out button from my authenticated page, the new location executes a PHP function to log-out the user (updates the "logged" status of the user in MySQL). The problem is that if a user is logged in from his work desk and surfing the page then suddenly he gets a call by a friend to quickly grab lunch in his break and has to meet him in short time, he just clicks the X (close) button from Firefox, forgetting to press the log-out button so the status of the logged is still 1. Later on, if he wants to access the page again from home, he won't be able to log in.
So, I need to grab the "close" event from Firefox somehow. I am thinking about looking for the ones that contain the "website.com" domain only. Then, if a tab is closed or the main window of Firefox is closed, send a unique key and the username to that URL that logs out the user, and the problem may be solved. I don't know if this is possible. Please post any idea (followed by code if you can) for this extension to be built.
Thank you.
By design, this is wrong.
If a user's PC crashes (harddisk failure, power failure) your plugin won't be able to log out the user. And so, the user won't be able to login on any PC.
--
Let's revisit the premise,
a. why does logging in from another PC need to fail?
b. How about invalidating the login from the previous PC (log out) when the user logs in to another PC? This is kind of like how chat applications like Yahoo! Messenger work.
From your answers, here's what i would suggest: if the user is logged in on another PC, warn and present the user with options:
cancel logging in
forcibly log out the other user and proceed to logging in
Logging the user out after a certain time of inactivity is the (application or web) server's responsibility, not (only) the client-browser's. This is called a session timeout.
You might be able to avoid the timeout by a browser implementation as you describe it, but this should not be the primary solution.
Here's an off hand approach you might take:
In your case I would include a timestamp in the table where the 'locked' state is stored. Every time a user does an action that timestamp is updated. When you try to log in again and the timestamp is older than a certain threshold (e.g. 15min) your login code should silently log out the previous user.
In order to receive a notice about the tab being closed, you'll want to do something like this sample code. However, instead of listening for load, you'll want to listen for unload.
When you do end up getting notified about unload, you'll have to do a request to the logout page just like the web application does. You can figure out what the location of the document that is unloading is by checking aEvent.originalTarget.location.href. Note that aEvent.originalTarget will give you the document object of the tab that is closing. You'll then want to use an XMLHttpRequest for this in your event handler.
You could use ajax that would ping a page on the site - all the session info will be passed and you can verify that the user still has an active browser/page open. If Firefox crashes it won't be able to ping the website anymore and the session could time-out after 15 minutes. I think that allowing a forced logout on another sign-in would be best. Usually when I leave work at the end of the day I wouldn't close all the programs or logout or anything - just lock my computer to prevent anyone from using it. Next morning I come back with all my programs still running so I can continue where I left off.
BTW, Yahoo Web messenger probably uses some form of session-based cookies. That is, cookies are stored in memory and are gone when the tab or browser are closed.
Just enable the user to re-login from another machine. And if you get a request from the user on the first machine, ask him to re-login too. So you get a single logged-in user at a time.
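The last-activity timestamp and forced-logout suggestions from the answers above, combined in one added example that is not code from the thread. The in-memory `Map` is a constructed stand-in for the MySQL table, and the class, method and field names are assumptions.

```javascript
// Added example: one active session per user, with stale-session takeover.
const STALE_AFTER_MS = 15 * 60 * 1000; // the 15 min threshold suggested above

class SingleSessionStore {
  constructor() {
    this.active = new Map(); // username -> { sessionId, lastSeen }
  }

  // Call on every authenticated request. Returns false when the session was
  // superseded by a newer login, logged out, or idle past the threshold.
  touch(username, sessionId, now) {
    const cur = this.active.get(username);
    if (!cur || cur.sessionId !== sessionId) return false;
    if (now - cur.lastSeen > STALE_AFTER_MS) {
      this.active.delete(username); // server-side session timeout
      return false;
    }
    cur.lastSeen = now;
    return true;
  }

  // Call after the password check succeeds. newSessionId must come from a
  // cryptographically secure generator in a real application.
  login(username, newSessionId, now, force = false) {
    const cur = this.active.get(username);
    const stale = cur !== undefined && now - cur.lastSeen > STALE_AFTER_MS;
    if (cur && !stale && !force) {
      // Caller shows the two options: cancel, or retry with force = true.
      return { ok: false, reason: "active-elsewhere" };
    }
    this.active.set(username, { sessionId: newSessionId, lastSeen: now });
    return { ok: true, replaced: cur ? (stale ? "stale" : "forced") : "none" };
  }

  // Explicit logout only removes the session that asked for it.
  logout(username, sessionId) {
    const cur = this.active.get(username);
    if (cur && cur.sessionId === sessionId) this.active.delete(username);
  }
}
```

A closed browser or crashed PC needs no special handling here: the old session either goes stale or is replaced at the next login, and its next request fails `touch`.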