Session problems in Zope - session

The session data disappears when a page is duplicated a few times in Chrome/Firefox.
Below is an example:
Load http://www.example.com/parent/test.
This page has a search feature which on click invokes a Python script that sets a session variable and redirects to a page template http://www.example.com/parent/redirected which accesses the session variable.
On http://www.example.com, from a dropdown menu "Test" is selected which leads the user to "http://www.example.com/parent/test" page. On this page, once you hit search and immediately try to open another page on the website by "Opening in New tab", the original page does not load the results because the session is somehow empty now (session.get('variable') is empty) and hence "http://www.example.com/parent/redirected" does not load anything.
This seems to happen with Zope's built-in session manager and the effect is more pronounced when Beaker is used.

Related

Session gets overridden on opening a new tab in IE in mvc

I have a home page url http://localhost:3443/home1
In the index action of home1 I am having a session["Home"]=Home1.
I am having another home page url http://localhost:3443/home2
There I have a session session["Home"]=Home2.
Now the context is that for some users the landing page is home1. So if they click on the home button on the menu or do any such activity they should land on home1.
For another set of users they should land into home 2 for whatever activity they do which leads to the home page.
Now the menu: it is an ascx control.
Here we are checking the session value is home1 or home2.
Based on that we are redirecting the user to the desired landing page.
Now the problem that I am facing is when we copy http://localhost:3443/home1 to another tab, e.g. tab2, and from there we change it into home2 and then do some activity. And then we come back to tab1; what happens is the value gets overridden, it takes the home2 session. This leads to the wrong landing page on click of the home link in the menu. Do you have any solutions for this problem?
I hope I have correctly explained the problem; if not, please let me know and I will explain further.
Session is for the connection which will include both tabs (for example why you can login to stackoverflow on one tab and then if you open a second tab you are still logged in)
As @Skuld mentioned, the session is for the user's connection to the site, so if the user goes to another page he or she is allowed to go to, they can open this in a new tab, keeping the original tab open. If these are form pages you might want to look at 14 AntiForgeryToken. Also, I noticed you said this happens in IE; does this also happen in Chrome? If so, you might want to look to see if IE is accepting cookies. You can add roles to the session and then authorize those roles to home1 or home 2 from your controller; you should be authorizing users and roles to pages in your code, not within your session. It's hard to help any more without any code to look at.
Hope this gets you on the right track.
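The behaviour described in this thread, replayed as a constructed simulation (an added example, not code from the posts): both tabs send the same session cookie, so a single session value is overwritten, while a value keyed by a per-tab id is not. The store, the `tabId` parameter and the session ids are assumptions made for the illustration.

```javascript
// Added example: constructed simulation, not code from the thread.
// Session ids here are constructed labels; a real server issues a random,
// unguessable id and sets it in the session cookie.
const sessions = new Map();   // server-side store: session id -> state
let issued = 0;

// cookieJar models the browser: one jar per browser, shared by every tab.
// tabId is a hypothetical per-tab value (for example kept in sessionStorage
// and sent with each request); it separates UI state, it is not a credential.
function handleRequest(cookieJar, path, tabId) {
  if (!sessions.has(cookieJar.sid)) {
    cookieJar.sid = `constructed-sid-${++issued}`;
    sessions.set(cookieJar.sid, { home: null, perTab: new Map() });
  }
  const session = sessions.get(cookieJar.sid);
  if (path === '/home1' || path === '/home2') {
    session.home = path;              // equivalent of session["Home"] = ...
    session.perTab.set(tabId, path);  // same value, namespaced by tab
  }
  return {
    sid: cookieJar.sid,
    sharedHome: session.home,
    tabHome: session.perTab.get(tabId) ?? null,
  };
}

// The sequence from the question: tab 1 opens home1, tab 2 opens home2,
// then tab 1 clicks the Home link in the menu.
function replayQuestion() {
  const browser = {};                                   // shared cookie jar
  const first = handleRequest(browser, '/home1', 'tab-1');
  const second = handleRequest(browser, '/home2', 'tab-2');
  const menuClick = handleRequest(browser, '/menu', 'tab-1');
  return {
    sameSession: first.sid === second.sid && second.sid === menuClick.sid,
    sharedHome: menuClick.sharedHome,   // overwritten by tab 2
    tabHome: menuClick.tabHome,         // still what tab 1 set
  };
}
```

For the landing page itself, the advice in the answer still applies: derive it on the server from the user's role rather than from whichever page last wrote to the session.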

Is it Good Practice to refresh the whole Page or Just reset the variables when user logged out (GWT)?

Here is my Gwt App, I have many pages: CustomerPage, OrderPage,... Each of these pages will have a header that have a Login Panel on top & its own content in the middle like this:
1- Customer Page
____________UserName...... Password....... Login
Customer Content here.....
2- Order Page
____________UserName...... Password....... Login
Order Content here.....
This means user can sign in in any page, they don't need to go to homepage to sign in.
Then here is my question, When user is in a certain page (ex: CustomerPage) & if they Log out then:
1- Should I refresh the whole page or redirect users to a Logout Page, so if they want to reopen the CustomerPage, then the page will have to go through all the Initializing processes (onBind-onReveal-onReset...)
2- Should I just let the user stay where they are, and when the user clicks the logout button the system will reset variables. By doing that, if the user logs back in, the page will run faster because it doesn't have to go through all the (onBind-onReveal-onReset...). However, if I do that then it is quite difficult for me to reset all the variables. I have to remember which variables were already initialized at the time the page got logged in and try to reset them to null or empty string. If I miss resetting just 1 variable then I will have trouble.
Some big sites like Google or Facebook are using solution 1, i.e. when the user signs out it will redirect to a new page or go back to the homepage.
Also, if adopting solution 1, I just need to call Window.Location.reload(); and it will reset everything. Even if the user clicks the Back arrow, they won't be able to see the old data since everything was reset.
So:
Is it Good Practice to redirect to a new Page or staying at the same page When user logged out (GWT)?
When users click on a Logout button, they expect that they can walk away from a computer. If you continue to show the same page, someone else might gain access to the data.
The universally accepted approach is to hide all data (i.e. redirect to the login/home page or close the app completely) when a user logs out. That's what users expect, and this is what you must do.
It depends what you've got loaded into the browser. Log in/out via a page refresh will be slower and present lag to your user. If you properly cleanup after yourself on logout (delete server side session, unbind presenters, clear caches) then it is really optional to refresh the page.
"The universally accepted approach is to hide all data (i.e. redirect to the login/home page or close the app completely) when a user logs out. That's what users expect, and this is what you must do."
If your session management server side prevents any RPCs once you've logged out, and you no longer present/cache data, this is not an absolute necessity. Use discretion based on your app needs, size, load time, and the sensitivity of the data it conveys.

New Instance of the page on Navigation

I have a few pages in an application that require asynchronous calls to be made for about 2-3 minutes to get synchronized. The user may navigate away from that page during synchronization and can come back again after visiting multiple pages, and the sync continues all the time he is on other pages as well. When I go to a page from the sync page and press the Back button, everything works fine, but when I go to a page and navigate back to the sync page from the Application Bar, a new instance of the page is created and the sync is effectively restarted.
Now I know everything is working fine, since a new instance of a page is created when I call NavigationService.Navigate(), but what should I do in this scenario? How do I get the old instance of a page if it is there?
Thanks...
You can't get an "old" instance of a page and it's not guaranteed that a backwards navigation will reload the previous instance of the page, it may be a new instance of the same page, but restored to the same state (assuming you saved any).
If you are trying to provide backwards navigation from the application bar then a) you probably shouldn't because that's what the back button is for, and b) you should make sure you use NavigationService.GoBack() instead of NavigationService.Navigate() because Navigate will always launch a new instance of your page.
If the page you want to get to is not the previous page, then it sounds like you are trying to implement non-linear navigation for which there is a recipe on the App Hub.
By the sounds of your scenario, you should handle this long running process separately (away from the view) and then display its progress or results in a view when the user navigates to the relevant page.

What will happen to a session if a user tries to copy the address bar to a new IE window?

Suppose a user logs in to a web site and starts navigating its pages.
For a specific page, he copies the page address and pastes it into the address bar of a new IE window.
Now, what happens to his session? Does it duplicate, or what?
No, AFAIK, the SESSION cookie gets sent to the browser (the application as a whole, not the window). Each window references the same cookie information held by the browser (IE).
An oversimplified example:
Think of it as a database and a script. The database houses a bunch of information, which can be read by many scripts. That information is still housed in one place even though every script can do something with it.
The session cookie would be the database and the browser window the script.
I think it goes like this:
If the "new window" is opened with Ctrl-N in the first window, the same session exists in the "new window".
If the "new window" is opened by double-clicking on the IE icon, the first window's session doesn't come along for the ride.
Independent of the browser a new window or tab of the same browser uses the same session. Only another process will have a different session. For example copy the address to another browser like Firefox, and you will get a new session.
Opening a new window within the same browser is no different from the server's point of view than reloading the page in the current window. The session is the same and the server merely issues a response to the request. However if there were any POSTed fields in the original page request (for example, the user had performed some actions) these will not be sent with the new request.
Sessions are created and destroyed by the web browser on the server. So sessions are unique for each browser. That is, there is no need to regenerate the session when using the same browser (if not logged out), and there is a need to regenerate it when using a different browser from the first one. Therefore, if you copy the URL to the same browser before closing the current window, it is the same as the earlier session. But not if you copy it to a different browser; in this case you will be asked to log in again.
However, if you have set the session to be closed when the window is closed, then closing the browser will close the session, but closing the tab will not close the session, because the server considers that the browser is still live and so keeps the session live.

Why Doesn't Closing A Tab Delete A Session Cookie?

I'm using session-based cookies with my website. To my complete surprise, I noticed if I set a session cookie (not a persistent cookie), close a tab, and then reconnect to the site, the session cookies are still there. That's not what I would have expected, actually. I would have expected the session cookies to be deleted.
If you close the browser, a session cookie is deleted, so why not closing a tab to have the same result?
Therefore, I'm using PHP5 and jQuery. Is there anything I can do such that when a tab is closed I can fix this session issue? Unfortunately the onbeforeunload event on the BODY tag is not useful here because when you click away from a page it fires that event, not just closing a tab.
The session cookie is per-process not per window. So even if you selected New Window you'd still get the same session id. This behavior makes sense. You wouldn't want a user to re-sign in each time they opened a new window while browsing your site.
I'm not aware off hand of any real way around this.
This is by design and trying to change it is a very bad idea. What if a user opens a link in a new tab and closes that? Should the session in the original tab be destroyed? Of course not! This demonstrates why you should not even think about this.
A session ends when the last browser window closes. If you want something else, you:
do not want sessions;
need to make your own "mini-session" infrastructure;
are probably in for a world of hurt and bugs.
Session web storage can be used instead of cookies if you need to depend on tab closure.
You can also write JavaScript that detects when a tab is closed and deletes the cookie.
I found a work around.
I'm working in ASP.NET C#. I have a Master Page for all the pages of the site except for the Login page. In the Master Page Server Page Load event I get the Url of the referring page and check if it contains the root of the site; if not, I redirect to the Login page, and since it doesn't have that Master Page it displays.
This works if I try to get to a page from another site or if I enter the Url into the address box of the browser. So if you close the tab and you try to reenter from another tab or reopen the tab, even though the cookie hasn't been killed you can't reenter the site without going through Login. This also works even if you haven't closed the tab and you're navigating between different sites in the same tab.
This is the code:
    // Part of the Master Page's Page_Load; "root" stands for the root of the site.
    if (Request.UrlReferrer == null || !Request.UrlReferrer.AbsoluteUri.Contains("root"))
    {
        Response.Redirect("~/Account/Login.aspx");
    }
When navigating from within the site there's no problem even if you open a link to another page in the site to another tab it opens.
If you want to be additionally sure you can kill the session and authentication cookie in that if clause before redirecting to the Login page.
This won't work when a user navigates to another site in the same tab and presses the browser's back button, because that works on cache and doesn't automatically send a request to the server.
So this doesn't kill the session or authentication cookie on closing the tab, but it can help prevent reentering the site without logging in after closing the tab.
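A stricter form of the referrer check above, sketched in JavaScript as an added example (not the poster's code): it parses the header and compares the origin exactly instead of testing for a substring. `SITE_ORIGIN` and the sample URLs used with it are constructed values.

```javascript
// Added example, not the poster's code. SITE_ORIGIN is a constructed value.
const SITE_ORIGIN = 'https://www.example.com';

// The check as posted: passes when the marker appears anywhere in the URL,
// including in the path or query string of a page on another host.
function substringCheck(referer, marker) {
  return referer != null && referer.includes(marker);
}

// Stricter form: parse the header and compare scheme, host and port exactly.
// The Referer header is supplied by the client, so this complements the
// server-side session and authentication check; it does not replace it.
function sameOriginReferer(referer, siteOrigin = SITE_ORIGIN) {
  if (!referer) return false;   // typed URL, bookmark, or header suppressed
  let parsed;
  try {
    parsed = new URL(referer);
  } catch {
    return false;               // malformed header value
  }
  return parsed.origin === new URL(siteOrigin).origin;
}

// Same outcome as the posted snippet: continue, or send the user to Login.
function decide(referer) {
  return sameOriginReferer(referer) ? 'continue' : 'redirect-to-login';
}
```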
