I have tried to set cookies in multiples domain that i own (for a better user experience, they will be so directly logged in on my different domains)
The cookies is secured, i know we can edit it so it's a 64 random letters key for every users.
I've tried to load cookies with this https://subinsb.com/set-same-cookie-on-different-domains/ method but apparently it didn't work because i so by inspect that google chrome (my browser) had block the request considering that as hacking.
So for now it's a button that allows the cookie to load by windows openning in javascript but the user has to close every single window when cookie are load (long and boring)
Is there any way to make my operation simple ?
Thanks for your help,
Your sincerely,
MySve
You can use window.close() to close the current window. But opening a window for every domain isnt a good solution, and cross origin cookies arent great either.
I'd recommend doing it like this:
Lets say that the user is on webpage 1, and logged in on webpage 4.
Your button should redirect you to website 2.
Website 2 should check if the user is logged in. The user is not logged in, so it redirect you to website 3.
The user is not logged in on website 3 either, so it redirects you to website 4.
The user is logged in on website 4, so it redirects you back to page 1.
Hope this helps! :D
Related
I've had a look around but I cannot seem to find the answer. Due to the "security" team at my company, they have stated that a website we have recently built, when a user navigates away from the website, we need to destroy the session.
Currently it's using a JWT token stored in the local browsers session, so when the user closes the browser the token will be destroyed.
So I know I can hook into window.onbeforeunload but this would also happen if the user refreshes the page, I don't think that would be acceptable behaviour for a website (refresh the page and now you are logged out). And there is also the Reload Site? popup that appears.
Does anyone know a way to detect that the user is navigating away from the angular app opposed to just reloading the page?
I am developing a web application and my requirement is as specified below.
I need to display four websites in a single browser window...(which i implemented using frameset)
I need to refresh the whole page (which certainly will refresh frames inside ) after 1 minute to update the frames content....(which i implemented using the java script)...
however in one of the frames i need to login to the 3rd party website. i am able to login and able to view the content after the login...however when the page refresh happens after 1 minute the page will be redirected back to the login page again and i have to login after each page refresh...
I googled this and found that it might be due to frames which does not set the cookies.for this i have implemented P3P policy also but the problem persists...
please provide the solution if anybody knows about this...
The javascript I used to refresh a page is
function timeRefresh(timeoutPeriod) {
window.setTimeout("location.reload(true);", timeoutPeriod);
}
window.onload = timeRefresh(60*1000);
If the cookies for the 3rd party site are set then your P3P looks fine and you can navigate fine for over a minute without losing session then the problem must be something with the timeRefresh()
As you can't get a customized URL of the 3rd party site in order to issue a specific reload and assuming that you have no control over the third party site, I suggest you do something different. Set up some JavaScript to load an image from the site (the logo or something else that won't change, or alternatively a script or page) every minute from a frame that you have control over. Because the browser is the same, any existing cookies from a login will be referenced and it will extend the login.
I have sent Email to My client with some links.. (http://example.com?id=1234).
When the User click this link, It will open a new tab and play same Video's using iFrame.
if the site is already open, no need to open a new window, and just launch the video on the already open window.
if the site is not yet open, then open a window with the site and play.
How can i find the site (http://example.com) already opened or not?
Is there option in JavaScript?
There is no way to run any client side code in an HTML formatted email. So this is impossible.
The closest you could come would be to:
use some kind of token to identify a user (e.g. stored in a cookie)
run some heart beat code to see if they are still on the page (e.g. use XMLHttpRequest to request a 1 byte file every 15 seconds using a page id generated when the page was loaded and the user id in the cookie)
check on the server to see if a heart beat from a different page was received recently when a new copy of the page is loaded
serve different content if it is
For security reasons this is not possible directly in JavaScript.
But you can work around and add a marker in the URL then detect server side if the site is already streaming the video to that computer (match with URL marker, IP and browser).
Upon response the server can say close or not...
I'm using the Telerik RadWindow control in one of my applications. When a user wants to authorize Twitter for the application the window displays the OAuth dialog for Twitter.
However, each time I display the pop-up for Twitter OAuth, or even just the plain Twitter page, the entire browser is redirected.
The control works just fine when the URL is pointed at a site other than Twitter. I'd like to see if I can block that redirect, or if perhaps there's an easier way to accomplish the OAuth confirmation. Any advice on how to implement this functionality would be greatly appreciated.
Thanks in advance.
This behavior is probably caused by Twitter. In fact, it should happen on many other sites as well (Facebook and similar). To prevent malicious sites from stealing user passwords, the login page detects if it is displayed in an inline frame (IFRAME element, such as the one used in RadWindow) and if it is, the whole browser window is redirected. This way they can ensure that no rogue JavaScript will be running while the user enters their username and password.
Twitter has properly created their authorization page to prevent cross-site scripting attacks, which means you can't embed it in a frame, or javascript pop-up.
Unfortunately, the only other way to "authorize" is a full redirect, or with a pop-up window, assuming your users allow pop-up windows.
The problem with the pop-up is that you then need a way to "close" it when twitter redirects back to your application. It can be done, but it's a bit tricky to do and who knows if it'd work in multiple browsers. Best to just let your site do a full redirect for now.
I'm making a static HTML demo that emulates the behavior of a web portal that logs you out when you press the back button.
How might one do this using javascript? Is it possible?
It is generally considered bad form to override the behavior of the Back button.
You can use cookies to send a value between pages. For the demo, the logout page could set a "LoggedOut=1" cookie. Then in the top of all of your site's pages, have javascript that checks for the cookie. If set, redirect the user to the home page. The trick is that you have to use javascript to handle the redirect since the script has to already be in the user's browser cache.
Note that this doesn't add any security to the app. It just adds a layer of obfuscation.
It is possible to hack with iframe element to hijack previous entry in the browser history, so single click of back button will return to 'not logged in' state. GMail uses that heavily, thats why they still have 'basic HTML' webmail UI.