I have added an ActionFilter to my MVC site which checks if a user is currently logged on, by checking against a session value, if they are not, they are redirected to a login page. The action filter attribute is added to each controller, so regardless of the page the user tries to view they are redirected to the login view. This bit all works fine.
When the user successfully logs in, I want them to be redirected to the page they were trying to originally access, but I don't how to get my Login Post action to know where to redirect too.
Any help greatly appreciated.
You send along a ReturnUrl when you go to the login view. Then the action method for the login view uses that value to know where to return. The following may help:
ReturnUrl in ASP.NET MVC
as well as this
ASP.NET MVC - CustomeAuthorize filter action using an external website for loggin in the user
Related
I am new to Laravel. I am using Laravel's auth controllers for login/register on my website. After login/register, it will redirect to a dashboard. This is fine.
The problem is when the user (not logged in) submits a particular form. The form submission will take the user to a protected page. The auth system will intercept this (if not logged in) and ask for the user to login and the user can sign in. But after the sign in it won't get redirected to the actual destination. Instead, it goes back to the previous page. I tried the redirectto->intended() way in the middleware. It still does not work.
Found the solution. Use HTTP session. I am not sure if this is the best method.
POST the form to a route which doesn't need authentication
Validate and store the form data in the session using the controller
Redirect to the protected route where the auth will intercept and ask the user to login
After successful login, redirect to the original destination page using return redirect()->intended('defaultPage');
Access the form data from session inside the blade view
I am not storing any sensitive data in session. I have no idea how secure this method is.
If you have any suggestions please post.
Need some idea on the process to land in a page after I login to my web portal. My requirement is I will enter Url of a particular page in to the browser, then system will check is the user is login to the system, if yes it will land on the page I have entered but if not then system will take me to the login page and after successful login I will be landed in to the page I have entered in the browser.
So, please tell me how to do it in plain servlet/Jsp model, Spring and Struts 1 and Struts 2.
Any post will be helpful
I know about basic jsp/servlet model.
Write a Servlet filter which will intercept every request from the brwoser, there check is the user is logged in or not. If logged in your normal flow will continue but if not then redirect to the login page. When you are redirecting to the login page, make sure you send the url hit by browser in the response. Now in client side hold the url send in response and after eneter credentials in login page when user will submit the record send the url (Hold in the client side from response) in the request and after successful login use Servelet Request dispatcher to land in the url.
I am not sure but spring-security has this feature and struts 2. But implementation process can be share by others who are familiar on this technologies. But in struts 1 it's not available and you have to do it manually.
it will very easy with spring security you just need to secure some path pattern. you doesn't need to add some code in your jsp or controller, example
for url /admin/* need administrator role
for url /user/* need user role
for url /public/* no need login (anynomous)
it just need configure at your spring-security.xml
you can start here
I need to manage login in such a way that it should redirect the control after successful login to the page which call login method in pyrocms.
By default it return control to Home Page. for example i want to go gallery page but it require user to be logged in so it will redirect control to the login page and now i want to redirect the control back to the gallery page once the user successful logged in.
Finally, i have come with the exact solution which is working correctly for me.
Whenever user try to view the gallery page(restricted page) which require user login, we have to only assign the URL where we want to redirect after successful login in $redirect_to in the controller method:
$this->session->set_userdata('redirect_to',$redirect_to);
Then it will automatically redirect the control to the desired page. Because in the users controller the login function is developed in such a way that:
$redirect_to = $this->input->post('redirect_to') ? $this->input->post('redirect_to') : $this->session->userdata('redirect_to');
Hopefully this will help you sometime
I'm using Spring MVC for a personal webpage with a local Tomcat 6 server. I'm using a default Tomcat configuration(what eclipse would setup by default).
In my controllers(using one controller for each page, and creating Session beans to pass information between them) I have two methods, one for capturing a POST and one for capturing a GET Request Method. The page logic will have the user click a submit button and will use a "redirect:abc.htm" return to send them to a new page or back to the GET method.
I'm not explicitly handling cookies, but do have all the information in Session Beans and am using Spring Security to handle security/user management.
I have a spring security configuration to redirect the user back to the login page if they are not authorized. I also have an ExceptionHandler catching HttpSessionRequiredException, though this is not what is triggering when I expire the user sessions(it's using the logic of my Spring Security configuration).
When the session is expired(I'm doing this through Tomcat manager) the user is redirected back to the login page. They are redirected after they try to do something(click a submit, or revisit any page except login.htm).
My issue is that once they get back to the initial page that their session expired at, if at the time of expiration they clicked a submit button, it is redirecting them past the initial page and handling the POST event from the submit.
Example:
User is logged in, and on the main page
User Session Expires
User, on the main page, click a submit button
User is redirected back to the login.htm page
User logs in and navigates back to the main page.
Instead of following the logic of the GET for the main page, they are treated to the POST of the main page, and I'm not sure where the POST variables are coming from.
Is there any way to trace where this error is coming from or what exactly is causing it?
This is done by spring-security. Spring security stores the request details in the session before redirecting the user to the login page. On successful login it will retrieve the request details from the session and redirect to that.
You can set the always-use-default-target attribute of the form-login configuration to override this behavior.
I am trying to implement the following scenario:
1) A user is not logged in, and on page foo.
2) The user clicks login on that page which shows a lightbox.
3) The user logs in via the lightbox.
4) The page, foo, is refreshed upon login success.
Steps 1-3 are done. In step 4 right now, the user is always redirected to their profile page upon login IF the user is logging in via that lightbox method.
I have login redirects to pages if the user is trying to GET some page which requires login access. Then the user logs in and is automatically redirected to that page the user was trying to go to. But in the above scenario, the user is already on a page, and I want to refresh that page upon login.
Any tips on how I can implement the above?
Thanks.
An answer to your question would be to redirect to the current page instead of "refreshing" it :
redirect_to request.url
But, be aware that this will issue a REDIRECT, which means a 302 status code (rails default). You can specify the status code you want with :
redirect_to request.url, :status => 301
Hope this helps!
Make the login form in the lightbox submit via ajax (rather than the usual post). In Rails 3 just use :remote => true in the form. In the ajax response run some javascript that refreshes the page: window.location.href = window.location.href;
Note that there are many ways to accomplish your task, and this is just one option. I've found it to work well for me on my site: http://www.tmatthew.net/blog
One option you can easily use in many circumstances is:
redirect_to :back
This just sends the browser back to the page it originated the request from. This is handy when you have a form that appears in multiple places and you want the person submitting the form to be taken back to whatever page they happened to submit it from rather than always redirecting to a certain page (like you're describing).