What is the purpose of isFirstPageAfterLogin method in admin/session model? - magento

I see where this method is being used, but I'm wondering who has an authoritative answer on the matter?

I know you said you know where, but I'm going to mention it here for completeness since you didn't... hope you don't mind! :)
The flag that isFirstPageAfterLogin() checks is set in the login() method that's called during the admin login process.
It is used in the following places:
Mage_Adminhtml_IndexController to store the value in the admin session so that it's still available on the first page load after the login form is submitted.
Mage_Adminhtml_Block_Notification_Window to determine whether or not to show the notices "window" that often shows after login.
A few actions on Mage_Adminhtml_Report_StatisticsController in order to redirect the user to the page they should be if their login routes them to one of the report refresh actions.
Mage_Core_Controller_Front_Action uses it to redirect a user back to the dashboard if their login routes them to an action that would send a download response, which frequently can rely on filter data that may or may not be available to the controller if it come from the login.
So to recap, it's a very important flag that is used to control some behind the scenes behavior. The most important being redirecting to the correct login page and allowing for one-time notices to show upon login.

This value is used in Mage_Adminhtml_IndexController, specifically the indexAction(), and redirects the admin user to the start up page defined in System > Configuration > Advanced > Admin > Startup Page.

Related

UWP: Calling Frame.Navigate() from a Page.OnNavigatedTo event

Into an Universal windows app I want to check user's authentication during page load, or after that an user as navigated to. This permits me to offer a navigation filtered by authorizations with a single page granularity.
For example, if an user didn't login and a page requires authentication, user has to be redirected to a login page.
The problem comes when I try navigate to an other page from the OnNavigatedTo event, when previous navigation is not completed and the new fails. I've searched for other events like an OnNavigationCompleted, but I don't find anything. If I use an asynchronous method without waiting it works, as if I use a timer dispatcher, but both solutions doesn't sound like so clean.
Exists a method to handle an event raised after navigation completed or I have to pre-check authorization during navigation call? I hope to avoid this solution because a wrong call could show an unauthorized page.
If you really want a separate page according to this answer https://stackoverflow.com/a/19527979/4788286 you could probably use the loaded event. But I'd test it before just to make sure.
Sidenote: also, your question implies that you're doing business logic in the view codebehinds - this is bad practice, I suggest looking into the MVVM pattern. (If you need a framework I suggest MVVMLight or PRISM)
I think the precheck would be the best method. Check if they are authorized to view the page before they can navigate to the page. If they are not authorized ask if they want to log in or purchase rights to the page

Is it Good Practice to refresh the whole Page or Just reset the variables when user logged out (GWT)?

Here is my Gwt App, I have many pages: CustomerPage, OrderPage,... Each of these pages will have a header that have a Login Panel on top & its own content in the middle like this:
1- Customer Page
____________UserName...... Password....... Login
Customer Content here.....
2- Order Page
____________UserName...... Password....... Login
Order Content here.....
This means user can sign in in any page, they don't need to go to homepage to sign in.
Then here is my question, When user is in a certain page (ex: CustomerPage) & if they Log out then:
1- Should I refresh the whole page or redirect users to a Logout Page, so if they want to reopen the CustomerPage, then the page will have to go through all the Initializing processes (onBind-onReveal-onReset...)
2- Should I just let user stay where they are, and when user clicks logout button then system will reset variables. By doing that, then if user logs back in, the page will run faster cos it doesn't have to go through all the (onBind-onReveal-onReset...). However, if i do that then it quite difficult for me to reset all the variables. I have to remember which variables already initialed at the time the page got loggined & try to reset it to null or empty string. If i miss resetting just 1 variable then i will have trouble.
Some big site like Google or Facebook are using the solution 1, ie when user signs out it will redirect to new page or go back to homepage.
Also If adopting the solution 1, then i just need to call Window.Location.reload(); & it will reset everything. Even user clicks Back Arrow, they won't be able to see the old data since everything was reset.
So:
Is it Good Practice to redirect to a new Page or staying at the same page When user logged out (GWT)?
When users click on a Logout button, they expect that they can walk away from a computer. If you continue to show the same page, someone else might gain access to the data.
The universally accepted approach is to hide all data (i.e. redirect to the login/home page or close the app completely) when a user logs out. That's what users expect, and this is what you must do.
It depends what you've got loaded into the browser. Log in/out via a page refresh will be slower and present lag to your user. If you properly cleanup after yourself on logout (delete server side session, unbind presenters, clear caches) then it is really optional to refresh the page.
The universally accepted approach is to hide all data (i.e. redirect
to the login/home page or close the app completely) when a user logs
out. That's what users expect, and this is what you must do.
If your session management server side prevents any RPC's once you've logged out, and you no longer present/cache data, this is not an absolute necessity. Use digression based on your app needs, size, load time, and the sensitivity of the data it conveys.

Using securesocial services without using its views

I started integrating SecureSocial in my play/scala app, but I don't really like all the redirects it does between it's different views.
example - try to login from it's default login page and if you put in a wrong pass you will be redirected to a different page (url) but with the same login form. the only thing that is different is that there is an error message...
I want a simple login form (user/password provider) at the corner of my main page that submits it's data using ajax, this data is validated on the server and a response is made to either display error message/s or change the window.location.
Next to this form I will put a link to go to a more advanced login page that adds the option to use other providers like fb/twitter etc..
But from that page I also want to use ajax to submit the details and get the response.
I tried to browse into the SecureSocial source but got a little lost in there.
Can any one give me an idea how to use SecureSocial's but without using any of it's views?
NOTE: I'm not interested in customizing their views, It's not just a CSS/design issue, I want to handle the login details Ajaxly and not with normal form submission followed by redirects...
After some more rummaging around in SecureSocial code I got a better understanding of how it operates.
You can use any of the providers you listed in the play.plugins file seperatly to authenthicate the user's info from your own login/auth code. just make sure you send the right parameters that the provider needs.
I liked the way SecureSocial's ProviderController class dynamically decided what provider to use, based on a parameter. But I didn't like the responses it made - redirect.. I wanted to respond to an ajax request with some data and let the client side js handle it.
This is my solution:
pretty much copy all of ProviderController code to my own Auth.scala file (a Controller).
Changed the redirects related to "case ex, case _", kept the redirect on successful auth as it adds the SecureSocial session key related to the user.
Removed all the SecureSocial related routes from my routes file.
Put an additional hidden field with the logintype (userpass/google/fb/etc...) and configured my login ajax post to sent this along with the post to my Auth controller.
If you need more info comment here and I'll edit the answer.

Detect when user navigate from one web page to another

I am writing MVC3 web app I need to know at server side when user navigate from one web page to another. I do not need to know from what pages page to which just fact that user navigated. I could find this by adding Session variable to every Home Controller Actions but maybe there is better solution?
Use a global filter attribute for al your controller actions. You can set that attribute in the global asax. In that case you know when an action is hit.
You could try sending AJAX request bound to onbeforeunload browser event.
Basically, it happens on the client side, so the programming should also be in client. Javascript could be the way to go. Though it may deliver some inconvenience to the user.

Global.asax and user visits

I'm trying to dig around into an idea where we want to close a webiste for upgrades. So when a user hits our site, they are promptly re-directed to a page that tells them that the site is down for maintenance.
Theoretically, the entire process starts in the global.asax under the event session_start. We fire a command to the webservice to see if the service is down - if it is down, a false value is returned and the user is rerouted to a page that says the site is down otherwise normal operations continue. This is a non-password site.
Here's the idea with pages:
welcome.aspx
siteisdown.aspx
page1.aspx
page2.aspx
When the user visits the site, the code checks to see if the rest of the site is down for maintenance and if so, then the user is re-routed to siteisdown.aspx
We have that basic part down - but the real understanding is, the user - while still in the siteisdown.aspx page, could enter page1.aspx and continue on their merry way.
What we want to is is if the user enters page1.aspx they should be kicked back to siteisdown.aspx
What articles should I be looking at for this type of method? Forms Authentication?
There is already a feature for this built in. Deploy a static HTML file called "App_Offline.htm" to the root of your application and all requests will be routed there.
http://weblogs.asp.net/scottgu/archive/2005/10/06/426755.aspx

Resources