I am developing a webpage using HTML, CSS & JS. In a section with a list of links, when a user clicks on any of the items in the list I want the user to first have to sign in before they continue on the path of the item they selected and I want to do this without having to duplicate a sign-in page for each stage. I want the link to first go to the login page(login.html) then continue or go back to the path it was on
the problem now is I don't know how exactly I can achieve this without creating multiple copies of the login page
You must persist user state somewhere, either in browser (not safe at all) or on server.
In server: Save information to cookie/session
In browser: Save information to session/local storage
On every protected page visit check if user has been authorized by checking previously set flag. If it's not authorized, then redirect to login page. After successful authorization redirect back to requested protected page.
Related
I'm redirecting my user from e.g. olddomain.com to newdomain.com.
If the user goes directly to newdomain.com I'm just displaying the page, but if the user was redirected from olddomain.com, then after redirecting and displaying page I want to additionally display some modal to user (saying "hey, we just changed our name to newdomain"). Is it possible to detect in JavaScript if the user was redirected so that I can display the message?
I believe it's impossible to do with DNS redirect, but is it possible using load-balancer redirection (that would be ideal) or in JS by changing window.location?
I'm migrating from the Google sign-in platform library to the new Google Identity Services with one-tap sign in, but the website automatically logs the user out when they refresh or go to a different page.
This is the code that's present on every page that loads the one-tap sign in:
<div id="g_id_onload"
data-client_id="[CLIENT ID]"
data-callback="onSignIn"
data-auto_select="true">
</div>
Removing this just keeps the user logged out with no way to log back in. There is a cookie, g_state, that stores the user's login, as well as attributes to display the popup based on its presence, but working with this also keeps the user logged out with no way to log back in.
Is there any way to prevent automatic logout on refresh?
Setting a cookie to track user sign-in status to your site should do it.
A few things to be aware of:
Your callback handler will manage the signed-in or signed-out status for users, here OnSignIn.
The cookie name set by data-skip_prompt_cookie is used to suppress One Tap after the user successfully signs into your website -- you've already logged in right, so stop bothering me with One Tap prompts. So, after someone visits any page and signs in, you'll issue a cookie so that One Tap isn't displayed when the next page is loaded. You'd want to clear this cookie when they sign out of your website.
The data-skip_prompt_cookie helps you control when to display One Tap when you're using static HTML, when using JS you'd choose to display One Tap by calling google.accounts.id.prompt or skip calling it and displaying One Tap.
Avoid using or referencing g_state entirely, it currently helps manage how to display the UI and isn't intended to be used as a means to try and track signed-in or session status. Instead, track user sign-in using your own cookie and data-skip_prompt_cookie.
I am currently linking a link to a page on my website. When the link is clicked, an external page of the government is immediately loaded in which the user must authenticate by a form. by doing so it redirects according to the attribute ReturnUrl.
go to autenticate
Once authenticated, if I try to click on the link, I can not authenticate anymore and it redirects me instantly. I'm trying to close the session to authenticate again. but I am unable to access that form, unless from google chrome delete the cache completely. also observe from google chrome cookies, sessionStorage, localStorage and I do not find that there is something. What I can do?
What can I do so that when I click again on the hyperlink it forces me to authenticate again and does not redirect me to my page ?. I need log out
I am new to web development and I am trying to implement log in functionality. I have successfully implemented the log in functionality. When I open www.bla.com/login I am able to log in post which gets redirected to the homepage.
Problem: If open another tab and type: www.bla.com/login it again opens login page. Ideally if I am logged into one of the tab, I should be redirected to homepage irrespective the url being pointed to login page.
P.S: I am not sure what chunk of code I need to share here because I am not sure what causes this issue. Please help or let me know if I need to post my code base. I am using JavaScript and backbone as front end.
EDIT
I have a REST Service which gets hit when I login and REST service gives me back a User Specific Token. I use this user specific token to again call another Rest Service to fetch more user specific data.
So, basically I need to put a check on this token received. The token received I have stored in browser session. But when I go to another tab and try to access that token its NULL. So I am assuming every tab in browser does not share the session storage. If Yes, then where shall I place this Token so that if someone hits the login page I should check whether a token already exists. if exists then redirect to home page. Kindly guide.
It is hard to say without seeing your code, so let me make an educated guess:
Most likely you do not create cookie with some sessionId after user is successfully logged in.
This cookie would be then used in every request sent to the server, to prove that user is indeed authenticated.
When you open a new tab and there is no cookie/session created, than this new instance of application has no knowledge of the other instance, where user is already logged in.
You may want to look at this answer
EDIT
Maybe you are using sessionStorage instead of cookies. At least I would say so, when I read about behaviour of your app.
See the docs for session storage
The sessionStorage property allows you to access a session Storage
object. sessionStorage is similar to Window.localStorage, the only
difference is while data stored in localStorage has no expiration set,
data stored in sessionStorage gets cleared when the page session ends.
A page session lasts for as long as the browser is open and survives
over page reloads and restores. Opening a page in a new tab or window
will cause a new session to be initiated, which differs from how
session cookies work.
So make sure that you application store the token either in cookies or in localStorage. And also that it correctly reads from them. Maybe the cookies is created, but never read?
I have a blog that requires users to login to view the content. But my page checks for a cookie, if cookie exists then it shows the content (to avoid users having to login repeatedly).
I want to send out an email to my subscribers with links to new posts. Is it possible for me to create a cookie when they open the email or click the link and then recognize that cookie on my website to prevent the requirement of them needing to login?
No.
Most email clients capable of rendering HTML will not, by default, load any remote content or run scripts. And using a JavaScript cookie for authentication is inherently insecure anyway.
Give the a link to click on in the email with a one-time-password and set a http-only, secure cookie from the page the URL links to.