so I come to you with a simple question: how is laravel session relay working.
My use Case: I have a laravel site cached with a varnish like so :
every get request is made as the user is not logged in
any user related info if loaded via ajax after the user loaded the page.
My problem is that I need to know in my front end if a user is logged in.
Things that I noticed:
Laravel session is not accessible in js
Laravel session is there even if the user is not logged in
I also tried to set my own cookie on login and unset it in on logout, but it my cookie is randomly diapering while the user is still logged in.
If someone has any idea on how to find out if my user is logged in from the standard cookies I would be so grateful.
You can pass the data to JS like I'm showing in my repo. For example:
<input id="authenticated" type="hidden" value="{{ auth()->check() }}">
And then get the data which will be true or false:
let authenticated = $('#authenticated').val();
Alternatively, you could use an Ajax call and execute auth()->check() in a controller method.
You can use in JS var userCheck= " <?php echo Auth::check();?> "; , then check if userCheck is equal to one then user is logged In otherwise not.
you can generate a token whenever a user is logged in and send it to the front-end and save it in the cookie. The cookie can have and the expiry time of say 5 hours. If during these 5 hours, user sends some requests, then the token is refreshed and 5 hour time starts again. In case, no request comes to the backend it means user is not active and you can log him out.
Related
After a user enters credentials on the login page, a post request is sent to the web server, which sends a cookie (if successful). On the client side, simultaneously, write the user details to my global redux store. On successful authentication from the server, I call window.location.href = 'newURL'. This call reloads my app. Now the user info I stored to the global store is lost, and I am not able to display username which was enetred by the user. How can I access the user credentials?
Thanks in advance :)
As mentioned in comments.
You need to use either localStorage or sessionStorage to keep the data alive.
For eg
localStorage.setItem("user", {"name": "abc"});
Now, though you logged out your data will be there in localStorage and you get the data using
localStorage.getItem("user");
If you want to remove then
localStorage.removeItem("user") or window.localStorage.removeItem('user');
Same applies to sessionStorage as well
I would like to know - how to implement a login in HTML5 where I want Login to be shown if session doesn't exists on first load and if any session with user data exists i want 'name' to be displayed instead of 'login'.
You cannot manage sessions without a server side language like PHP, Ruby, etc. HTML5 and JavaScript can only manage things on the user's side.
You should look at HTML5 Local Storage
https://www.w3schools.com/html/html5_webstorage.asp first. If this is not what you want then you have to use a server side language.
For using session object for login, you can do something like(PHP example):
1.Store the user's details in session object when user logs in via xyz.com/login
$_SESSION["username"] = "username";
2.When the user visits xyz.com next time, check if a value of a session object already exists.
if(isset($_SESSION["username"])){
// redirect to user profile etc.
}
else{
// show login page - xyz.com/login
}
For more info: https://www.w3schools.com/php/php_sessions.asp
My webapp allows different users to login in different tabs/browsers on the same machine with different credentials (using signInWithEmailAndPassword). I achieve this by calling firebase.initializeApp(config, 'appName'+new Date().getTime()) for each login
When the user closes the tab or reloads (in window.onbeforeunload) I call .auth().signOut() to log him out.
I now want to add a RemeberMe functionality to my app page, that is a tickbox that if (and only if) ticked, will allow following logins from the same machine and username without giving the password even if the machine was for example restarted in the meantime.
How can that be achieved ?
what I am thinking about is (when remember me is on) to generate a token on the client stored in a cookie and maintain a table on the db which links tokens to passwords, there are two problems with this, first of all the password is saved as is on the db which is bad and second the password needs to be sent back to the client which is also bad.
any better options ?
Starting with Firebase JS 4.2.0 you can now specify session persistence. You can login different users in multiple tabs by calling:
firebase.auth().setPersistence(firebase.auth.Auth.Persistence.SESSION)
And when the window is closed, the session is cleared.
For more on this, check https://firebase.google.com/support/release-notes/js#4.2.0 and https://firebase.google.com/docs/auth/web/auth-state-persistence
Just add a rememberMe checkbox to your login form with a reference variable(for an exmaple remember) and use firebase setPersistence like this,
firebase.auth().setPersistence(this.remember.checked ? fireauth.Auth.Persistence.LOCAL : fireauth.Auth.Persistence.SESSION)
(here I have used javaScript for the example)
I'm creating a web based application that requires people to register and login for access to certain pages.
I want to stop users from giving out their username/password to other people by denying access to more than one person using the same username at the
same time.
Don't know if its a great solution but you can keep a bit in users table and set it to 1 when user is logged in. And check it before login, if its set don't allow more logins by other users. On logout function unset this bit.
In spring security, we can able to manage user login like this,
<session-management>
<concurrency-control max-sessions="1"/>
</session-management>
So when the time user logged in, you will gonna set some session values, If one more user going to login using existing user logged in ID and password, before going to login condition, check those parameters in the back end. You can able to prevent user login from multiple times for the Same userLogin and Password.
You can use either database or distributed cache.
I prefer using database ( User_ID, SessionKey, LoginTime, Logout time)
After login, you have to record entry in database/cache with a unique session id. When login is attempted with same credentials, update existing entry with logout time and create new entry with recent login time
e.g. When you login with John,
the entry in table is like 'John','1020edf1','29-06-2015 00:10:00',null.
When second login comes after 10 minutes,
The entries in table will be like this
'John','1020edf1','29-06-2015 00:10:00','29-06-2015 00:20:00'
'John','10asdf21','29-06-2015 00:20:00','null'
Form your application, you can have reaper thread mechanism, which will remove inactive sessions if user tries to logout from the application.
Here session key is unique session id generated by application server.
I am trying to achieve that after user logs in to my app, I will have to send get request to my servlet, which will respond with servletOutputStream with some sound message like ('Hello User, how are you'). But I want it to be only once, not after the logged user refreshes the page and hears it again.
You can use localStorage as a general solution.
Check if the user already received the message before outputting the message:
if (!localStorage.getItem('messageSent')) {
// 1. create the message for the user here
// 2. make sure user does not get message again
localStorage.setItem('messageSent', 'true'); // any truthy value
}
Clear the localStorage when user logs out:
localStorage.removeItem('messageSent');
Based off your question, it seems you can even avoid the above solution and just output the message in the login logic (after user gets authenticated and logs in). When the user refreshes the page, it shouldn't show the message because the login logic should not run when the user is already logged in.
Set a cookie after the first run, and check for the presence of the cookie before. The cookie should only last the length of the current session, assuming you want the message to appear the next time they log in. A quick search should reveal how to set cookies in JS.