I am new to Angular, I am developing Angular 6 application. I have used callback which called when we refresh and close page:
#HostListener("window:beforeunload", ["$event"]) unloadHandler(event: Event) {
console.log("Processing beforeunload...");
event.returnValue = true;
}
But Now my requirement is, when we close browser then i should sign out. And i have implemented this in above code sample(Removing token from local storage).
But problem is when i refresh page this callback called and it removes token.
Is there other way to handle these two conditions using other callback??
Thanks in advance
Try Storing the token as a cookie without specifying a date,then the cookie is removed once the user quits his or her browser.So when he or she open the browser token will be no longer available and will be redirect to sign in.Hope this helps.
Related
My question is kind of a follow-up to this somewhat old post, which is why I though of asking here, instead of just asking via comment there.
My question is straightforward: I have an online platform with very tight session restrictions (samesite, httponly, short lifetimes, etc.), and while a user is logged into the platform, they may execute payments. These payments may redirect them to an intermediary foreign domain and then back to mine for authentication. Without a workaround (that I've coded and it works) for the session restorage, the session gets lost and the process breaks.
Even though I have a working workaround; I wondered if it is not possible to open the redirect page in a new tab via js (because the redirect has to work in js at the current stage anyway), confirm the payment, then, when the payment gets confirmed, close the banking tab and do the according refreshes on the platform tab. Is this possible via js ? The problem I see with the linked solution is:
btn.onclick = () => {
const win = window.open(
'http://www.stackoverflow.com',
'Secure Payment');
const timer = setInterval(() => {
if (win.closed) {
clearInterval(timer);
alert('"Secure Payment" window closed!');
}
}, 500);
}
How can I know when the client finished the authentication in the other tab, + prevent the redirect that will automatically triggered in that case, to the redirect target post-authentication that you normally provide when requesting the payment? Is there a way to track all of this in js? Because I don't see any...?
As you may know, in chrome or firefox mobile, when you are visiting a webpage, if you close the browser and then open again, the first thing the app does is to open that webpage again, but it opens the version you left when you closed, so, for example if you're watching a forum thread with 4 posts and close, the next time you open you see the same thread with the same 4 posts even if there were new posts, the only way you can know is reloading the page.
I'm facing issues because my session variables expires but the page in a previous version is opened and then I get loads of notices due to the session variables not being defined.
I need to find a way to force the mobile browser to open a fresh instance of my page, so if the session variables already expired, the user is redirected to the proper page.
Thanks in advance.
If you use a library like axios, you can handle errors caused by your invalid session with interceptors and trigger a page reload programmatically.
axios.interceptors.response.use(function (response) {
return response;
}, function(error) (
if(error.statusCode === 401)
window.location.reload(); //or whatever
return error;
});
On my Django site, I want to logout from the site automatically when I close the tab or browser. I mean when I close the site by closing the tab instead of using logout button, after entering the URL again, I want to see that the user has already logged out from the site to force the user to enter username and password again.
Is there a way to handle closing the tab in JQuery?
Thank you in advance.
Edit: onunload & onbeforeunload events cause to logout the user when also reloading the page.
Add your logout code to the on onunload event.
window.onunload = function () {
//logout code here...
}
In JQuery you can use the .unload() function. Remember that you don't have much time so you may send the Ajax request but the result may not reach the client.
Another trick is to open a small new window and handle the logout there.
window.open("logout url","log out","height=10,width=10,location=no,menubar=no,status=no,titlebar=no,toolbar=no",true);
If you want to disable closing the window (or at least warn the user), you can use this code:
window.onbeforeunload = function(event) {
//if you return anything but null, it will warn the user.
//optionally you can return a string which most browsers show to the user as the warning message.
return true;
}
Another trick is to keep pinging the client every few seconds. If no reply comes back, assume the user has closed the window, browser has crashed or there is a network issue that ended the chat session anyway. On the client side, if you don't receive this ping package, you can assume that network connection or server has a problem and you can show the logout warning (and optionally let the user login again).
You can use Javascript onunload & onbeforeunload events. In these events destroy the session cookie for Django.
Those events are also fired when you leave a site over a link or your browsers back button so be careful and think twice if this is really what you want.
I just ran into this. In your Django settings.py file, you can add the flag:
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
This will log the user out when the browser is closed. Note that the user will remain logged in if there are other tabs or windows still open (the browser must be completely closed).
window.onunload = function () {
//logout code here...
window.open("logout url","log out","height=10,width=10,location=no,menubar=no,status=no,titlebar=no,toolbar=no",true);
}
This code works.
this will open a small pop up window for the logout url.
I'm pretty new to Ember.js and ember-simple-auth, so I hope you can help me.
I'm using ember-simple-auth in my application. What I want to do is to invalidate the session when the browser is closed or the user leaves the page. This is only supposed to happen if the user previosly logged in (thats why put it in the authenticate action).
I tried something like this:
actions: {
authenticate: function() {
var _this = this;
this._super().then(null, function(message) {
_this.set('errorMessage', message);
});
$(window).on('beforeunload',function() {
_this.get("session").invalidate();
});
}
}
The problem is that it does not work when closing the browser. Also when I change the URL (to leave the application, for example www.google.com) it transitions to "/" and does not open the desired URL.
So the question is: How do I invalidate the session when the browser closes (or when the user leaves the application).
Thanks.
I'm not sure how you would handle the case when the user leaves the application (you can probably handle some navigation event and the invalidate the session with this.get("session").invalidate();). To invalidate the session when the user closes the browser though, the best solution is to use the cookie session store and configure a sessionExpirationTime of null so that the cookies are session cookies that get deleted automatically when the browser is closed.
My application uses oauth to allow a user to login to Salesforce, and after logging in, they can access the application. What currently happens is:
The user clicks the "login" link, and is redirected to Salesforce
The user logs into Salesforce, and is redirected to the URL I specified
My server processes the request and redirects them to the home page
What I would like to do is this:
The user clicks on the "login" link, and a new window (window.open) with the Salesforce login page appears
The user logs in, and is redirected to the URL I specified
Once the server redirects to the home page, the home page fires a success or logged_in event in the window, which the original page listens for and interprets
This is what I've made so far (assume there is <button id="login">Log in</button>)
$('button#login').on('click', function() {
var popup = window.open('/auth/salesforce', 'login', '...');
popup.addEventListener('success', function() {
popup.close();
alert('Logged in');
});
});
and in the home page, I added to the section that displays when a user is logged in successfully:
var event = window.createEvent('loginSuccess');
event.initEvent('success', true, true);
window.dispatchEvent(event);
However, the success event is never fired. How would I fire a success event in the home page, to alert the original page that the user is successfully logged in?
Edit: I noticed there is the window.postMessage method, as referenced in the MDN docs. Is this what I should use? Or should I use another method to capture a successful login event on the newly created window?
I recently just put the same OAuth in our application. Don't try to use a new window to auth users just like all the social networks just let the page that the user is on go to the auth screen and then redirect you back... The only other way this can be done (and i'm not sure salesforce has this yet) is a javascript auth process.
Through my research, I found that the best way to accomplish this, at least if I don't need to support IE browsers, is to look at the window.opener value, and if it exists, run a function defined in window.opener. For example,
if (window.opener) {
window.opener.userIsLoggedIn();
}
window.close();
userIsLoggedIn() would be defined in the parent window that opened the new pop-up.
With that said, a couple caveats: in certain IE environments, window.opener will lose its value due to some security restrictions, thus making window.opener null and never firing the userIsLoggedIn() method on the parent window. In these cases, I would listen for the close event on the created window, and if the userIsLoggedIn() function hasn't fired, refresh the page. A second caveat is that you will only be able to call window.opener.userIsLoggedIn() if and only if it matches the Same Origin Policy; see the Wikipedia article on the subject. If this poses an issue and you cannot work your application around these restrictions, see this project for possible workarounds/hacks.
I don't have a need to support IE so I have not created this code, but if the window.onclose method fires in IE, listen for the window.onclose event and perform your checks after this happens.