Delete User session of Azure ADB2C using MSAL - javascript

I have integrated Azure ADB2C in React SPA, using MSAL package. Both login and logout is working fine. My requirement is, After user successfully changes the password in Azure ADB2C update password page I am redirecting user to confirmation page stating that they have successfully changed the password and displayed a "Continue" button on click of that, the user will be made to signed out of the application.
The above scenario works fine, but if the user without clicking the "Continue" button, clicks on the browser back button, the user can visit the authenticated pages and the user is still authorized to visit the pages. But instead I want the user to get logged off from the application.
Is there any way in Azure ADB2C to delete the active user session alternatively without triggering the button.
While clicking on the button am calling Signout policy already defined.

Related

prevent all other user log in with the same user account, I tried the following

first tried
i create a login status field in table and by default it will be 0 and when user log in it will update to 1. so when other tried to login with the same account can not logged in.
but the problem is when i update the login status when user click to the logout button but when internet connect goes out or pc is shutdown or user close the browser without clicking the logout button then the login status could not be updated and always shows 'some one already logged in'.
second tried
I generate a login token at the time of login and store it the database and session also. On every event I check that database token with the session if true then let them process. and when other user login with the same account then the token is update and the previous user log out due to session did not match with the database
but i want that other user can not be logged in while one user is already logged in.
because I am creating the online exam portal so in this the first one is not work when user's browser is closed directly or system shutdown and the second one allow the other user to log in and logout the previous user
is there any way to prevent other user can not be logged in while one is log in
It looks like You need to keep track of active connected users live.
I would use web sockets.
Example stack would be: Node.js backend + socket.io library.
If You have and existing php application - maybe add a microservice for that.
Using javascript You can also track of device ID and specific device disconnect/reconnect due to the network problems.

Log out of Google Oauth in webapp from PHP

When the user authenticateswith the "sign in" with google button with javascript the user is redirected into my webapp basedon the successful return. I pass the id-token to the backend and use $client->verifyIdToken($id_token); to fetch and can get the userid ('sub'). Great!
When the user wants to logout, I need to kill the session on the backend so I have a page /logout that logs the user out and then redirects to the top page. However, the top page javascript login box still indicates that the user is signed in and triggers a sign in and gets redirected back into the webapp which is bad. If the user has logged out, I want them to have to click the Google "Sign in" button again and have it run automatically.
I've looked through all the documentation I can find for the PHP backend and I can't seem to find any way to log the user out of my app. I've even tried calling $client->revokeToken(); on the backend on the logout page but it has no effect.
Is there anyway to logout the Google user from my app on the backend or am I forced to detect if the user is logged in, call this javascript first and then proceed to my logout page?
<script>
function signOut() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
});
}
</script>
It would seem to me that there should be a logout from google (or revoke the current session in webapp (token?) ) from the backend but I can't find it for the life of me.
Google does not allow for third party logout. That being said your application can not log a user out of Google. If they allowed that then your app could also log me out of Stack overflow and every other third party website that i have logged in using my Google account.
What you need to do is remove the login to your own site by removing the cookie that was probably set somewhere.

Angular Session Issue

suppose I am on the home page or any page of application if I want to open any page like google from the same tab then i will remove current URL and type google.com then it will go to google page and if i click on browser back button
it will not go to home page of my application which is already login so it should go to the login page of my application in angular js
On your login page you should check if the user is already logged in. If the user is already logged in, redirect the user to where you want them to be.
An other option is to check before changing routes. If the user is logged in and wants to go to the login page, you can deny that route change. (check $routeChangeStart in the angular $route documentation)

Django and wordpress simultanous logout

I have this project in which user simultaneously login into Django as well as Wordpress accounts.
To achieve Simultanous logout, I used Javascript to delete the authentication cookie of Wordpress and thus automatically logging out the user. This works fine as long as user clicks on "logout" button. On clicking logout a Javascript function is called and wordpress cookie is deleted and thus making user logged out of Wordpress and user is logged out of Django by using normal Django functionality.
Now the problem occurs when user directly type the logout url "localhost:8000/logout" in address bar, this directly send request to Django server and without involving any JavaScript to delete the Wordpress cookie.
How to achieve Wordpress logout in this situation when user directly types the logout url of Django?
Note:- Wordpress and Django server are running on same host with different port.
Can you try with an one more browser,
For an example:
In an main browser you will log a Django project, an private browser (crtl+shift+p in an Firefox) you can use word press project.

Notify user to login on clear the browser cache

Hi
I am working on a web-application which deals which jQuery,Javascript,Html as a part of UI.
we have login authentication which will ask for username and password.so my question is how to notify the user automatically to login into my application, when user will clear the cache.
for example: do login into facebook. after login clear the cache of browser. instantly you will get a notification to login again. please help me out.
Save login information in a cookie. When it's no longer present - redirect user to your login page.

Categories