The problem is that after I log out, then press the back button or go to user_control/login, then refresh, I wasn't redirected to the login page but rather to the home page.
I unset and destroyed the session already.
One solution I found on the web is no cache. It works, but it prompts for resubmission of the form, and when I refresh I wasn't redirected to the login page but rather to the home page.
> controller: user_control
> function: login
> algorithm:
> 1. form validation set rules
> 2. get posts of username and password
> 3. check if the username is in the database and entered password is equal to the password in the database, if true go to 4. else go to signin page.
> 4. set session
> 5. load view home.php
I suspect that every time I press the back button, the POST request is still there, and when I refresh, it calls user_control/login with the posted credentials of the form.
You need to restrict your home page or any other pages to only logged in users. Redirect others to the login page. Have a look at Ion Auth documents for an example of how this can be done.
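A sketch of that advice in plain PHP rather than CodeIgniter (added example, not code from the thread): the login POST answers with a redirect instead of loading the home view, so a refresh never replays the credentials, and every restricted page checks the session itself. The function names, the /login and /home paths and the in-memory user record are assumptions for illustration.

```php
<?php
// Added example (plain PHP, hypothetical names and paths). Each entry script
// is assumed to call session_start() before using these functions.

function find_user(string $username): ?array
{
    // Constructed sample record standing in for the database lookup.
    static $users = null;
    if ($users === null) {
        $users = ['alice' => ['hash' => password_hash('sample-password', PASSWORD_DEFAULT)]];
    }
    return $users[$username] ?? null;
}

function redirect_and_exit(string $path): void
{
    header('Location: ' . $path, true, 303); // 303: the browser follows with a GET
    exit;
}

// POST /login: validate, set the session, then redirect. No view is rendered
// here, so refreshing the page that follows never replays the credentials.
function handle_login(array $post): void
{
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        redirect_and_exit('/login');
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['user'] = $username;
    redirect_and_exit('/home');
}

// First call on every restricted page, /home included.
function require_login(): void
{
    if (!isset($_SESSION['user'])) {
        redirect_and_exit('/login');
    }
    header('Cache-Control: no-store'); // Back after logout re-requests the page
}

function handle_logout(): void
{
    $_SESSION = [];
    session_destroy();
    redirect_and_exit('/login');
}
```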
I'm facing some security issue
I have two jsp pages(login page and after login) and I'm exploring them on Chrome.
After I login, the browser moves the page.
Then, if I press the back button on the browser tab, the browser moves back to the login page. However, the session from my previous login is still valid.
So, I can explore entire web freely by just removing '/login' from my url
What I have to do is..
if the browser moves back to login page, I should invalidate previous session.
In your login page you can always check whether the session is set, like below:
<%
// If a user is already stored in the session, skip the login form.
if (session.getAttribute("user") != null) {
    response.sendRedirect("your profile page"); // redirect to some page
    return; // stop rendering the rest of login.jsp after the redirect
}
%>
In the above code, if user is not null, then it will go to your profile page. Put this code in your login.jsp to prevent the user from logging in again. Also, don't forget to set your attribute, i.e. user.
I am quite a newbie to CodeIgniter. I have a login system to start with on the site, and have 2 scenarios:
If the user is already logged in and clicks on a URL from another site (different domain), then it will redirect to the given link.
If the user is not logged in and clicks on a link from another domain, then he will first be redirected to the login page and then redirected again to the clicked link.
Now my first case works but not the second. I tried setting a URL in the session like,
$array['login_redirect'] = current_url();
$this->session->set_userdata($array);
which is giving me correct url
but after login, session data shows login page url as value for login_redirect.
You need to add a condition before setting the current URL.
For example:
$current_url = current_url();
// current_url() returns the full URL including the scheme, so compare against the full login URL
$login_url = 'http://www.test.com/login'; // Login URL of the current website
if ($current_url != $login_url) {
    $array['login_redirect'] = $current_url;
    $this->session->set_userdata($array);
}
You can save current url in session when user is not logged in and don't do it when user is on login page - then you can read link from session and it will be link to last visited page.
Another solution is to save url to page in cookie when user clicks on link and then you can read it in PHP and redirect user to correct page.
A third solution is to send this link via POST or GET when the user is redirected to the login page.
I am trying to set up a login portion for my site - and the login is working fine. However, if the login is incorrect, it goes to a 404 page instead of a login page. How can I fix this?
Most Joomla login modules have parameters for redirecting users to a menu or a URL after successful or unsuccessful login. I guess yours is redirecting users to an unpublished menu or item or a broken link.
If you are using Joomla's native Login module or something like mod_k2_user, there should be a parameter called Login Redirection Page which you can point to a published menu item.
Go to your administrator area, module manager, find your login module and take a look at its parameters.
I need to manage login in such a way that it redirects control, after a successful login, to the page which called the login method in pyrocms.
By default it returns control to the Home Page. For example, I want to go to the gallery page, but it requires the user to be logged in, so it will redirect control to the login page, and now I want to redirect control back to the gallery page once the user has successfully logged in.
Finally, I have come up with the exact solution, which is working correctly for me.
Whenever a user tries to view the gallery page (a restricted page) which requires user login, we only have to assign the URL we want to redirect to after a successful login to $redirect_to in the controller method:
$this->session->set_userdata('redirect_to',$redirect_to);
Then it will automatically redirect the control to the desired page. Because in the users controller the login function is developed in such a way that:
$redirect_to = $this->input->post('redirect_to') ? $this->input->post('redirect_to') : $this->session->userdata('redirect_to');
Hopefully this will help you sometime
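Both this answer and the earlier CodeIgniter suggestions (store the URL in the session, or pass it via POST or GET) end with the application redirecting to a value the browser can influence. The check below is an added example, not code from either thread, that accepts such a value only when it is a path on the same site; the function name, the '/login' and '/home' paths and the sample inputs are assumptions.

```php
<?php
// Added example: accept a post-login redirect target only when it is a path on
// this site. The function name, '/login' and the sample inputs are hypothetical.

function safe_redirect_target($candidate, string $default = '/', string $login_path = '/login'): string
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters, spaces and backslashes have no place in a local path;
    // browsers treat "\" like "/", so "/\host" would otherwise leave the site.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $default;
    }
    // Exactly one leading slash: rejects "//host/..." and anything with a scheme.
    if ($candidate[0] !== '/' || substr($candidate, 0, 2) === '//') {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    // Never send the user back to the login form itself (the symptom in the
    // CodeIgniter question, where login_redirect ended up holding the login URL).
    if (rtrim($parts['path'] ?? '/', '/') === rtrim($login_path, '/')) {
        return $default;
    }
    return $candidate;
}

// Constructed sample inputs, as they might arrive in POST or from the session.
$samples = ['/gallery/album/3?page=2', 'https://other.example/', '//other.example/x',
            '/\\other.example', '/login', null];
foreach ($samples as $s) {
    printf("%-28s => %s\n", var_export($s, true), safe_redirect_target($s, '/home'));
}
```

Only the first sample is returned unchanged; the others fall back to '/home'.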
I am trying to implement the following scenario:
1) A user is not logged in, and on page foo.
2) The user clicks login on that page which shows a lightbox.
3) The user logs in via the lightbox.
4) The page, foo, is refreshed upon login success.
Steps 1-3 are done. In step 4 right now, the user is always redirected to their profile page upon login IF the user is logging in via that lightbox method.
I have login redirects to pages if the user is trying to GET some page which requires login access. Then the user logs in and is automatically redirected to that page the user was trying to go to. But in the above scenario, the user is already on a page, and I want to refresh that page upon login.
Any tips on how I can implement the above?
Thanks.
An answer to your question would be to redirect to the current page instead of "refreshing" it:
redirect_to request.url
But be aware that this will issue a REDIRECT, which means a 302 status code (Rails default). You can specify the status code you want with:
redirect_to request.url, :status => 301
Hope this helps!
Make the login form in the lightbox submit via ajax (rather than the usual post). In Rails 3 just use :remote => true in the form. In the ajax response run some javascript that refreshes the page: window.location.href = window.location.href;
Note that there are many ways to accomplish your task, and this is just one option. I've found it to work well for me on my site: http://www.tmatthew.net/blog
One option you can easily use in many circumstances is:
redirect_to :back
This just sends the browser back to the page it originated the request from. This is handy when you have a form that appears in multiple places and you want the person submitting the form to be taken back to whatever page they happened to submit it from rather than always redirecting to a certain page (like you're describing).