I am having a session issue in codeigniter 2.0. The reason I think is it caching the page. Here is my problem.
I created a page and to access this page a user login is required. The login works fine. When I logout then I again redirected to login page and thats perfect. But if I click Back button of my browser then it again take me to that protected page. Technically this page is not accessible now because I have already logged out. If I put the link of that protected page in browser then it ask me to log in but after logout the browser back button is having the issue.
Can anyone please guide me with this.
Thanks
That's normal browser caching behavior. One of the way to fix that is to make sure that wherever users go from the cached page, their session will be checked, and if they've logged out in the mean time, they'll be redirected to the login screen, so no harm can be possibly done.
Related
I am having difficulty with logging in and the functionality of the back and forward buttons associated with a user who is logged in. When I log into the application from the login page I am directed to a page (lets call it logged_home). If I press the back button I am returned to the login page. If I then press forward I am redirected to the "logged_home" page. The desired outcome when pressing the forward button at this point would be that the logged session is destroyed and if the person presses the forward button it remains or redirects back to itself i.e. login.
I have tried a number of approaches including clearing cache and destroying the session but havent found a workable approach as yet. In detail I have tried to instigate a session destroy every time the login page is loaded but it doesnt seem to work as intended. Any guidance would be appreciated.
Am using struts2 to create login and logout functionality, when user login i will create the session for him,by using interceptor i will filter all users if they are in session or not if the session not created i will redirect the page to login........my problem is once i done logout that will redirect to the login page but when user click browser back button the page will get refreshed and again that will login ,,,,,,could anybody help me out from this problem
Thanks in advance
When you click "<-" button on browser the browser renders the page from its cache. So server does not know if you have click back button. In your case when user clicks back button, page is loaded from cache but it does not mean that session is again created for that user as logged in. When user will click on any authorized link on that page, your server side code will check that user has no valid session and login page will be returned.
Solution: However if you do not want user to get cached page then you can load a script say checkLogin.js for every page in your site. This script should be executed on load event of the pages. When user logs out, set a variable in cookie indicating that user has logged out. When user clicks back button then that script will be executed. That script will check, using the mentioned cookie variable, if user has logged out. If user had logged out then redirect to login page using javascript.
To avoid that refreshing i have redirect my page to menu after loginsuccess not forward i have escaped from that ghost problem
use like this in ur struts.xml
<result name= success" type="redirect">Menu.jsp</result>
thanks for all
I am using selenium in my application.
In login page, I enters username and password. and click on Login button.
When i click on login button, fields gets cleared and remains on same page without any error or warning message.
All the xpath values are correct.
When used in record and playback it works.
Please provide solution.
First see what is happening if u do it manual. If u provide login details to the page, is it redirect to next page or it remain the same page, I feel there is an issue in your test page.
I have this website that I developed. It is acting weird. I logged onto it and now it seems that I can't logout of it. It has session which I don't know how it can still maintain after logging out and also in different browsers and even in incognito.
The weirdest thing is that if you open it in your browser you get same session state. You can't do anything with it. But it is jut there.
What is going on?
Go to this page, it shows some user logged in. click Add and it asks for credentials again. Like an endless loop.
http://krninstitute.com/krnitech/Forms
Then go to this page, it shows other user logged in. Go to the end of the page.
http://krninstitute.com/krnitech/Gallery
This question requires these external links.
But here are images just in case:
Edit 1:
What is causing every request to end up with session cookie? I don't have any cache implemented. Does it have something to do with recent GoDaddy crash?
Edit 2:
Questions are 1. how can you see who is logged in on the application? I haven't implemented such functionality. And 2. how there are two people logged on from same browser window?
Session and Authentication are two different things. When you use FormsAuthentication to login and logout, it does not change the session. You must abandon the session in addition to logging out to do that.
Session.Abandon();
Be aware that the session will still be there until the end of the request, so you should probably immediately redirect to a default page afterwards.
I have an HTML page with a login form and a registration form inside of an overlay. When the user submits either of these forms, an AJAX request is made back to the server.
If the registration or login is successful, then the user is logged in and certain parts of the page are updated. If there is an issue with the login/registration credentials, then the user is asked to correct the error.
How do I get the browser to prompt the user to save or remember the username/password used for this scenario?
I was able to get Firefox to prompt the user and remember the password by following the answer here:
How can I get browser to prompt to save password?
But this solution did not work in webkit browsers or IE. Also, I tried adding the autocomplete attribute to the forms with value "on", but this also did not solve the problem.
Thanks in advance :)
I'm not sure if you are going to be able to find a solution to this that works across all browsers in a timely manner and if you do it may be very brittle and could break after any browser update.
A more reliable and robust way of doing this could be to do it with your own code by building this functionality into your UI. This would probably even save you some time in the long run. You could have a "remember me" checkbox or a "remember me" popup that comes up after a successful login.
If the user opts to be remembered just write an encrypted cookie with their username which if detected will allow them to bypass login. Assuming SSL I don't see this route as being much less secure than trying to force the browser to do it as the information will be stored un-encrypted on most users computers either way.