My website stores the username of a user after they login (HttpCookie). The issue I am having is that some systems that use this Cookie do not work successfully when a user has logged in with lowercase letters for in username. Is there a way to change the output of that Cookie to all UPPERCASE?
Add .ToUpper() at the end of the "CookieName".Value
Example:
"CookieName".Value = Cookie.Identity.Name.ToUpper();
Related
One of my website is developed in Laravel, it was working fine before. What does is I want to move website from beta.example.com to example.com so I have pointed to beta with original domain name(example.com).
The Website is working fine but all remember me functionality is not working. Now Users have to enter the password and also if they check the check box (remember me) still it does not store the password in cookies or session.
Please help me.
Thank you
You have two options:
1) Add remember_token column in your users table - this is where the token will be stored.
2) Pass true as a second parameter of Auth::attempt() to enable remember me behaviour.
If you do this, Laravel will generate a token that will be saved in users table and in a cookie.
On subsequent requests, even if session cookie is not available, user will be authenticated automatically as long as remember-me cookie is there.
I have made a copy of a website on my local machine so I can work on an offline version.
After logging in, I am redirected back to the login page. I know I have logged in as if I type in a wrong password I get "Invalid User Name or Password." message.
I have double checked the cookies path in the database, this is empty.
I have also tried adding a . in the config file but I'm not able to connect when I update the url to 127.0.0.1.
Is there anything I can check/try?
I am using mamp...
Many thanks.
Try changing address from http://localhost to something with more than one domain component. Sometimes there are issues with logging in using domain without single dot. http://magento.localhost may work in this case.
I have an application using Parse to store server side data. I apply rules to the entry of a password using a regex successfully. However when I use Parse's PFUser.requestPasswordResetForEmailInBackground function the user is emailed a password reset URL which allows any password to be entered in the reset. The problem is that when the user returns to log into the application with their new password it may not conform to the rules set in the regex. How can I enforce password rules in Parse?
I'm using classic ASP ,where there is one single login form for admin and other users.
I was able to redirect admin and user to different pages as they login, but for new users I want them to go authentication page when he first logs in.
How do I go around with it. I'm not so good with sessions infact I used session variable to navigate User and employee to different pages. Is session going to play part in this too..??.
this is what I used to navigate user and admin to different pages
Session("Username")=request.form("user_name")
if request.Form("sub_but") <> "" then
sql = "SELECT * FROM Users WHERE UserName='"&request.form("user_name")&"' AND Password='"&request.form("pwd")&"'"
rs.open sql, con, 1, 2
if rs.EOF then
response.Write("<script language='javascript'>{attention_emp();}</script>")
else
if(rs("UserName"))= "vppl-1" then
response.Redirect ("admin.asp")
else
Response.Redirect ("leave.asp")
end if
end if
rs.close
end if
Don't use session variables for this, use a simple cookie, if the cookie or the user don't exist then redirect them to the authentication form. Session variables are kept only for the time the browser is open, the next time they are gone.
But is this is on an IIS server just activate NTLM (Windows authentication) on the site and then you can control access and retrieve the user and even his access rights from it with a simple Request.ServerVariables("AUTH_USER");
This is called single side logon, which means, once the user is logged in, he doesn't need to logon again, windows takes care of providing the authentication for you which means happy users 8>).
You simply give ntfs rights on the map containing the site and voila, you have your basic security.
I would set a bool in your user_table which is by default false.
then you check in youre code if its false, if yes redirect to the authentication page and set the bool to true.
Updated with clarifications
Hello,
When our users go to http://mysubdomain.server.com/login they get redirected to https://secure.server.com/login?subdomain=mysubdomain. So the actual login page is located on the secure.server.com subdomain.
The problem is that if the user logs in with the credentials meant for subdomainA and tells Firefox to remember the password, the browser will autocomplete the login form even if the user visits the login page meaning to log into subdomainB.
Firefox assumes that the login form on secure.server.com/login?subdomain=subdomainA is the same with the one on secure.server.com/login?subdomain=subdomainB.
At first, I thought Firefox remembers passwords based on a combination of the URL and the name attribute of the form, but I've tried changing the name based on the subdomain (name="login-<subdomain_name>"), and it still doesn't work.
How can I make Firefox remember passwords for subdomainA and for subdomainB separately, and not together?
I couldn't quite decipher what your setup is, but you can enable login manager debugging and check what Firefox does. You can also inspect signons.sqlite in your profile to see what pieces of data are stored with the login.
I thought that for web forms it keyed off the form's submit URL, but my memory is shady on this.
[edit]
source (nsLoginManager.js) says it only uses the form's action and the page's URL, and it uses not the action/page URL itself, but (see _getPasswordOrigin) the scheme+host+port combination.
If they're actually entering data into http just to be redirected to https after login, isn't that a bad scenario? You're already sending the most sensitive piece of data unencrypted across the wire.
I believe a better solution would be to redirect them to the https site and do login there...is there something I'm missing with your setup? Do they login again on the secure site?
AFAIK domain name (complete) is the current basis for remembering login. It wasn't always so, though. I'm not sure about protocol or port number, but a.domain.com is different from b.domain.com and domain.com, but same as a.domain.com/somewhere.