I have used jquery model pop up in my application in mvc, after the session time out user should be navigate to login page, but when we click on button which opens model popup, login page is opened in the popup, it should not happend in popup, pls give me some solution for this..thanks...
Your xhr seems to get redirected to the login page, this is probably due to your server not handling session timeouts for xhrs (the xhr response is the markup of the redirect target). What techs do you use on the server side and some code (especially server side) would be nice.
Related
In a spring security application i am navigating to the login page and entering my credentials and getting logged in.Now again if i open a new tab in the same browser and navigate to the login url it shows me the login page.If I enter another users credentials and login my previous Jsession ID(ie: the one created in the previous tab) is getting overridden with the new jsession id.Upon refreshing the previous tab the session is overridden.
I want to implement that if a user is logged in already in the application, upon navigating to the url again in another tab on the same browser the homepage of the application should open.
Please advise as how I can accomplish that?
Since the server uses the cookie to map to the current session, you'd have to control how the browser sends cookies. Every time a request is sent to a website from a new tab, most browsers will send all the cookies it has for that domain. Since your server received the same session cookie, it will treat this request as being in the same session. There's no way it can tell the difference.
Therefore, as far as cookie-based web sessions go at least, you probably won't be able to force the creation of a new session upon opening a new tab.
I am trying to launch my application which loads iframe as soon as url completely gets loaded.
The iframe has 3 fields:
username,
password
next button.
When I pass the details and click on the next button, it should load otp content (ajax call) in the same iframe, when I use chrome I can pass a username and password, but upon clicking on next button, it's going to some private site instead of loading the otp content in the same iframe, whereas things are working fine in IE browser. I am not getting any exception also.
What could be the reason?
TL;DR - AJAX URL redirect breaks 'pageinit' and any subsequent 'pageinit's that occur after the redirect
(see https://stackoverflow.com/a/14469041/2133816 for information on pageinit)
How to recover from this?
In Detail:
My mobile site has user accounts, so when a homepage button is selected that requires a user login it will first try to access the site in question...
m.smellyeggs.com/stuff?id=2497349187324&tr=454543522525
But once it is detected that the user has not logged in, the site reroutes the user to...
m.smellyeggs.com/login
Sadly, this event breaks functionality for all pageinit events:
$(document).on('pageinit', function(){
// things are done here
});
So after a redirect event occurs, no more pageinit events are detected, and unfortunately my data is loaded from the cache.
How can I recover from a "broken" pageinit, specifically occurring after an AJAX redirect.
Thank you!
I'm using Spring MVC for a personal webpage with a local Tomcat 6 server. I'm using a default Tomcat configuration(what eclipse would setup by default).
In my controllers(using one controller for each page, and creating Session beans to pass information between them) I have two methods, one for capturing a POST and one for capturing a GET Request Method. The page logic will have the user click a submit button and will use a "redirect:abc.htm" return to send them to a new page or back to the GET method.
I'm not explicitly handling cookies, but do have all the information in Session Beans and am using Spring Security to handle security/user management.
I have a spring security configuration to redirect the user back to the login page if they are not authorized. I also have an ExceptionHandler catching HttpSessionRequiredException, though this is not what is triggering when I expire the user sessions(it's using the logic of my Spring Security configuration).
When the session is expired(I'm doing this through Tomcat manager) the user is redirected back to the login page. They are redirected after they try to do something(click a submit, or revisit any page except login.htm).
My issue is that once they get back to the initial page that their session expired at, if at the time of expiration they clicked a submit button, it is redirecting them past the initial page and handling the POST event from the submit.
Example:
User is logged in, and on the main page
User Session Expires
User, on the main page, click a submit button
User is redirected back to the login.htm page
User logs in and navigates back to the main page.
Instead of following the logic of the GET for the main page, they are treated to the POST of the main page, and I'm not sure where the POST variables are coming from.
Is there any way to trace where this error is coming from or what exactly is causing it?
This is done by spring-security. Spring security stores the request details in the session before redirecting the user to the login page. On successful login it will retrieve the request details from the session and redirect to that.
You can set the always-use-default-target attribute of the form-login configuration to override this behavior.
I have several portlets in my application. If I open a url using window.open() method, the session id changes and causes an error in other portlets. If I don't open this url, everything works fine. But once this new window is opened, the session is cleared and the rest of the portlets throws an exception since some values are missing.
In the address bar of the browser I typed in javascript:alert(document.cookie); to see the JSESSIONID. It remains constant throughout the page and changes when I click the link that launches a new url in new window. I used IE8.
Any suggestions to maintain the session state in IE would be greatly appreciated.
What URL are you passing to window.open()? An easy way to get IE 8 to maintain the JSESSIONID in the popup would be to use a relative URL in the call to window.open() in the portlet markup. The critical thing is that the domain name remain exactly the same. Here's an example of a button with window.open() in the onclick event:
<button onclick="javascript:window.open('/wps/portal')">Home Page</button>
I'm using Websphere Portal, so '/wps/portal' just links to the home page.
Also, what do you intend to be the target of the popup window? A different portal page with the same session?
Update: Given that the target of the window.open() is an independent web application hosted on the same domain...
The portal server and the application server hosting the web application have independent sessions, but they both use a cookie called JSESSIONID by default. The first time you access the web application, the application server overwrites the portal's cookie, causing every subsequent request to the portal to have the wrong session id. When this happened to me, my solution was to configure the portal to name its session cookie something else (e.g. PORTALSESSIONID) so the two do not conflict.