Hi
I am working on a web-application which deals which jQuery,Javascript,Html as a part of UI.
we have login authentication which will ask for username and password.so my question is how to notify the user automatically to login into my application, when user will clear the cache.
for example: do login into facebook. after login clear the cache of browser. instantly you will get a notification to login again. please help me out.
Save login information in a cookie. When it's no longer present - redirect user to your login page.
Related
I have integrated Azure ADB2C in React SPA, using MSAL package. Both login and logout is working fine. My requirement is, After user successfully changes the password in Azure ADB2C update password page I am redirecting user to confirmation page stating that they have successfully changed the password and displayed a "Continue" button on click of that, the user will be made to signed out of the application.
The above scenario works fine, but if the user without clicking the "Continue" button, clicks on the browser back button, the user can visit the authenticated pages and the user is still authorized to visit the pages. But instead I want the user to get logged off from the application.
Is there any way in Azure ADB2C to delete the active user session alternatively without triggering the button.
While clicking on the button am calling Signout policy already defined.
I'm currently trying to find a way to redirect the user to an external protected page, for example foo.com/dashboard. I have the user login credentials and auth cookie for the page. So my question is that how I can redirect the user to that page already logged in, so the user doesn't have to login, I do the login? I will have to add an Cookie header to the request, but it isn't possible with html.
For example, my website is bar.com and I have the users auth cookie to foo.com.
i want to be able to redirect the user to the dashboard
dashboard, but it's not possible to add a header to a html link.
I have the user login credentials and auth cookie for the page. So my question is that how I can redirect the user to that page already logged in
In general, you can't.
There is no way to set cookies for a different origin. That would be a major security problem.
It might be possible to submit the login credentials to the login mechanism on the other site, but that would depend on the site supporting a login mechanism that allowed it (e.g. a form submission) and not doing anything that would prevent it (such as CSRF defences or a CAPTCHA).
Directing them to a specific page there would require support for that (e.g. the login form supporting a "go to page X after login" parameter).
When the user authenticateswith the "sign in" with google button with javascript the user is redirected into my webapp basedon the successful return. I pass the id-token to the backend and use $client->verifyIdToken($id_token); to fetch and can get the userid ('sub'). Great!
When the user wants to logout, I need to kill the session on the backend so I have a page /logout that logs the user out and then redirects to the top page. However, the top page javascript login box still indicates that the user is signed in and triggers a sign in and gets redirected back into the webapp which is bad. If the user has logged out, I want them to have to click the Google "Sign in" button again and have it run automatically.
I've looked through all the documentation I can find for the PHP backend and I can't seem to find any way to log the user out of my app. I've even tried calling $client->revokeToken(); on the backend on the logout page but it has no effect.
Is there anyway to logout the Google user from my app on the backend or am I forced to detect if the user is logged in, call this javascript first and then proceed to my logout page?
<script>
function signOut() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
});
}
</script>
It would seem to me that there should be a logout from google (or revoke the current session in webapp (token?) ) from the backend but I can't find it for the life of me.
Google does not allow for third party logout. That being said your application can not log a user out of Google. If they allowed that then your app could also log me out of Stack overflow and every other third party website that i have logged in using my Google account.
What you need to do is remove the login to your own site by removing the cookie that was probably set somewhere.
In web app i'm redirecting my user to payment gateway's URL to complete the transaction.
After successful payment user will be redirected back to my web app.
Problem is, if user hits browser back button he/she will again go back to payment gateway's URL which will redirect the user back to my web app with stale payment status.
Yes i can handle stale payment status in backend, but how do we handle browser history?
When user lands in the web app's payment status page can i somehow delete the browser history paths related to payment gateway's URLs?
Try this from preventing user to go back https://www.aspsnippets.com/Articles/Disable-Browser-Back-Button-Functionality-using-JavaScript.aspx
This is pretty dramatic behavior, and not a very friendly one for the user...
Another solution is to recognize when user is getting out of your page via onbeforeunload confirm() on window.onbeforeunload
inform that he is getting out if the payment method, via prompt() https://www.w3schools.com/jsref/met_win_prompt.asp
I have a simple web app where users can login via Facebook to CRUD objects (and show them on a map).
I successfully implemented the login and logout functions using the full example code from Facebook documentation, but the user doesn't stay logged in.
When I log in, I'm able to display the my Facebook Surname and Name, but when I refresh or go to the next page of my app, the Facebook API tells me that I'm not connected (anymore) and thus I have to reconnect.
The same happens with the full example code. On page refresh: you have to login again.
Am I missing something here ?
That was pretty dumb but my browser (chrome) was blocking cookies from facebook.com on my website, so I couldn't stay logged.
Resolved the problem by authorizing facebook.com cookies on my website.