Chrome Extension AJAX always caches errors - ajax

I'm working on updating an old Chrome Extension I have. It works fine if the user is already logged into Google (It's a wrapper on Google Tasks) but if the user isn't logged into Google it caches the 404 response on the AJAX and will never, for any reason, refresh it after the user logs in. Currently the only only way to make it work is to manually go to the page (just type it in the address bar) the AJAX call is trying to retrieve after which all will work fine. Reloading the extension and opening/closing Chrome will not reset it.
On the flip side, if the user begins the session logged in all is fine. When they log out the badge resets as it should but it will never reset once they log back in.
I've tried cache: false, I've tried appending a random variable to the URL. I've tried xmlHTTPRequest.abort() and everything else I can think of with no luck.
Here's the code:
https://github.com/Bit51/Better-Google-Tasks/blob/master/Src/js/utilities.js
Any thoughts?

The issue here was due to the use of "Background Scripts" instead of "Background Page." Switching to the latter allowed me to be able to reset the call.

Related

Forcing a logoff from a Joomla admin session

In Joomla! 3.6, we're trying to force a user to the login screen from the admin section if their session has expired, but without any user input. By default, Joomla! will send people to the login screen if they attempt to load a page after their session has expired. This is something we want automated so if someone walks away and forgets to lock their system, the current page(s) can't be accessed if the session times out.
My initial attempt around this was to run a timed JS loop in administrator\index.php and have it make an AJAX call to an external PHP file that could query the session table. However, including jQuery at such a high level causes many other references to break due to it being included more than once. Due to how the default redirect action works, all this really needs to do is force a page refresh.
Is there a better way or location to do this without breaking existing code?
This required two things to fix.
1) Add
// jQuery needed by template.js
JHtml::_('jquery.framework');
2) Change $.ajax to jQuery.ajax

Stop Safari/Firefox from Cacheing my page

I'm using PHP(header) to send a user back to the home page of the website(which looks different, due to a cookie, then when the user first arrived).
Everything works fine in Google Chrome but in Safari and FireFox a cached version of index.php is shown instead of the updated version of the webpage.
If I hit refresh things look as they should, but I need a way to tell the browser to reload the page without the user having to hit refresh.
Try this...
http://smartcoding.wordpress.com/2009/01/28/php-force-no-cache-page-load/

IE6 accessing MVC3 web app loses session state

I’m investigating a bug in my MVC3/.NET 4 site which runs on IIS7.5 with integrated pipeline that only manifests itself when accessed using IE6.
The process in pseudo is:
Browser requests Page A; server sets
a Session[] value and responds with
the page.
Enter data onto Page A and
http post the form back.
Server tries to get value out of Session[]
previously set in (1) but returns
null >> but only in IE6, 8(.
In IE7, IE8, IE9, Firefox 3.6, Safari 5.0.3, Chrome 10 the same code works without change.
In my global.asax code I put a Session_Start handler in and noticed some strange behaviour.
In IE6 this handler is fired upon every request made BUT the Session.SessionID value remains the same. All the other browsers mentioned above only have this handler fire the first time they make a request. So for IE6 even though the session ID is the same each time it is called it would seem that the fact that it is “start”ing a new session seems to have the effect of clearing the data for the Session ID and starting it again hence the null value.
One theory I had was that because some items on the page (images etc…) would be accessed with HTTP whilst the page itself is HTTPS could be why IE6 is causing this behaviour (new session per protocol perhaps?) but I turned off the code that forced HTTPS to be used on the page in question, so all requests would be HTTP. Unfortunately the same behaviour is still observed on IE6.
After a lot of Googling I found things that said stuff like underscores in the domain can cause this (no underscores present in mine), ensure IE6 is accepting cookies (my test VM was set like to accept all session cookies).
Finally in a last ditch attempt:
I turned every privacy and security setting I could find in IE6 to as low as it would let me
I added my test site (http://<my machine name>/MyApp) to the list of trusted sites
Clear temporary internet files and cookies
Still I get the same issue. I have thought of a way to fix it that involves not using Session for this case but I would rather not make changes due to IE6 when it works in all of the other browsers including decendant versions of IE.
Edit: Some further testing on another page and when accessed via IE6 the session value is correctly retrieved after being stored by access to another page. More specically:
Working Page - Search:
Do a search, results are display and
criteria are stored in session.
Click on one of the results to view it, details page gets criteria in order to build querystring for breadcrumb trail link.
Failing Page - 2 stage login:
Go to 1st stage login page, enter username and password, assuming correct store encrypted http only cookie value with username in.
Redirect to 2nd stage login page, store 3 index values (List<int>) into a "secret" word in Session
Enter 3 characters from a secret word and post back.
Access session to get 3 index values - get nothing.
The reason for the failure is evident due to the observations made in the more generic description above. This is just getting weirder by the minute (and more frustrating).

Classic ASP Logout Process

I'm working on a web application developed classic asp. It has logout button on the top menu which basically does the following actions
Session.Abandon()
Redirect to Index.asp, where users can login again.
After logging off users return to index.asp. But if users click back button the browser, they go to previous page. I don't want this to happen. I want a message saying that they are already logged off.I have implemented following steps
1.Add Response.Expires=-1 and Response.CacheControl="no-cache" at the top of each page.
2.On each page i'm checking session object to see it is not empty. If empty i'm creating a message saying that they are already logged off and need to log in again.
Now when users click back button after logging off, instead off showing logged out message, i get "Web page expired" message on IE8. I see the same behavior when users click back button on some page while logged in.
Any ideas how i can implement this better.
Thanks.
You can't stop users pressing back. A common scenario to work around this is that POSTs target a server page that displays no output but redirects to a new location instead (where the results can be seen).
There are additional non caching declarations that sometimes help:
Response.Expires = 0
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
I did read some time ago (hence inability to find link) that setting an expires to -1 can cause some browser to ignore it rather than have it expire immediately.
Even adding these extra cache controls won't stop some browsers from caching some things some of the time. FF quite often ignores a forced cache reload by the user, so you are in the browser makes hands to a certain extent.
Regarding your "Web page expired" message, this is (as mentioned) the result of the browser trying to stop you from resubmitting POST data (and potentially duplicating what you last did). The best way to get around this, and solve a number of other common UI issues on forms is to POST back to the same page, then if/when the action is completed, using a response.redirect to the same page, maybe with a URL encoded message to say "all done successfully". This allows your users to refresh and helps with the back button issue as most browsers now don't store properly redirected pages in their history.

Why Doesn't Closing A Tab Delete A Session Cookie?

I'm using session-based cookies with my website. To my complete surprise, I noticed if I set a session cookie (not a persistent cookie), close a tab, and then reconnect to the site, the session cookies are still there. That's not what I would have expected, actually. I would have expected the session cookies to be deleted.
If you close the browser, a session cookie is deleted, so why not closing a tab to have the same result?
Therefore, I'm using PHP5 and jQuery. Is there anything I can do such that when a tab is closed I can fix this session issue? Unfortunately the onbeforeunload event on the BODY tag is not useful here because when you click away from a page it fires that event, not just closing a tab.
The session cookie is per-process not per window. So even if you selected New Window you'd still get the same session id. This behavior makes sense. You wouldn't want a user to re-sign in each time they opened a new window while browsing your site.
I'm not aware off hand of any real way around this.
This is by design and trying to change it is a very bad idea. What if a user opens a link in a new tab and closes that? Should the session in the original tab be destroyed? Of course not! This demonstrates why you should not even think about this.
A session ends when the last browser window closes. If you want something else, you:
do not want sessions;
need to make your own "mini-session" infrastructure;
are probably in for a world of hurt and bugs.
Session web storage can be used instead of cookies if you need to depend on tab closure.
You can also write a javascript that detects when a tab is closed and delete the cookie in the javascript
I found a work around.
I'm working in ASP.NET C#. I have a Master Page for all the pages of the site except for the Login page. In the Master Page Sever Page Load event I get the Url of the referring page and check if it contains the root of the the site, if not I redirect to the Login page and since it doesn't have that Master Page it displays.
This works if I try to get to a page from another site or if I enter the Url to the address box of the browser. So if you close the tab and you try to reenter from another tab or reopen the tab, even tho the cookie hasn't been killed you can't reenter the site without going thru Login. This works also even if you haven't closed the tab and your navigating between different sites in the same tab.
This is the code
if (Request.UrlReferrer == null || !Request.UrlReferrer.AbsoluteUri.ToString().Contains("root"))
{
Response.Redirect("~/Account/Login.aspx");
}
When navigating from within the site there's no problem even if you open a link to another page in the site to another tab it opens.
If you want to be additionally sure you can kill the session and authentication cookie in that if clause before redircting to the Login page.
This won't work when a user navigated to another site in the same tab and presses the browsers back to button because that works on cache and doesn't automatically send a request to the server.
So this doesn't kill the session or authentication cookie on closing the tab, but it can help prevent reentering the site without logging in after closing the tab.

Resources