Safari browser logout issue windows authentication - javascript

After logout page, if user doesn't close the browser window and return to site again, no authentication box is displayed, because the username and password are stored on browser cache.
In IE, document.execCommand("ClearAuthenticationCache") is working fine. but this does not seems to work with safari.
I have tried the following options,
1) Response.Statuscode=401 (from server side)- This clear the authentication cache and gives the credential popup, but it's not accepting even if we give correct credentials. If we click on cancel and try to access the page again then it works fine.
2) Using XMLHttpRequestfrom Client - When I try to open the URL on the same site with blank crendentials, the readyState and statuscode always returns 0
function testfn() {
alert("send completed");
alert(XMLHttp1.readyState);
}
function run()
{
XMLHttp1 = new XMLHttpRequest();
XMLHttp1.onreadystatechange = testfn();
XMLHttp1.open('GET', 'http://172.22.164.253/test/testxml.xml', true, '_', '_');
try {
XMLHttp1.wi
XMLHttp1.send();
alert("sent");
alert("status" + XMLHttp1.status);
alert(XMLHttp1.status == 401) ;
}
catch (ex) {
alert("Exception: Got an exception. " + ex);
}
}
3) Clear Cache - Tried all the below code with various combination, but no luck
Response.ExpiresAbsolute=DateTime.Now.AddDays(-1d);
Response.Expires =-1500;
Response.CacheControl = "no-cache";
Response.Redirect("Login.aspx");
Page.Response.Cache.SetCacheability(HttpCacheability.NoCache);
Page.Response.Cache.SetNoStore();
Please advise me on the solution to logout from Safari while working on ASP.NET pages with windows authentication.

Related

Is there a way to detect if the browser has a mailto protocol handler set?

I have a site that dynamically builds a mailto url which it then opens in a new tab/window, using window.open().
window.open("mailto:" + encodeURIComponent(r["to"]));
I'm testing in Chrome at this stage, so other browsers may act differently.
If Chrome has a mailto protocol handler set up (e.g. GMail), then it works as expected.
If Chrome does not have a mailto protocol handler set up, it just opens a tab with the mailto url and nothing else.
That's not the worst result, but it would be nice if there was a way of knowing in advance, so that the user could be in some way guided to setting up their browser so that the mailto url worked nicely.
Previously, I was just opening in the same page by setting window.location.href to the url:
windows.location.href = "mailto:" + encodeURIComponent(r["to"]);
This wasn't great because if there was no protocol handler set, nothing happened. I also would consider this as an option, IF I can at least detect the situation, but wasn't able to find any indication of that either. I guess one option would be to set a timer which if it reached execution could alert the user?
Anyone else already solved this? Seems like a pretty common requirement.
Thanks
Here's what I ended up working with. It doesn't work in all cases, but provides at least some help in recognising unhandled protocols.
It attempts to open the URL in a new window and then after 2s it takes a look to see if it can read the location. If it has opened a third party site (e.g. GMail) this will raise and exception - so we treat this as success.
If no exception occurs, this returns "about:blank" which means we (probably) failed.
function openWin(url) {
return new Promise((resolve, reject) => {
const w = window.open(url);
if (!w) {
reject();
}
setTimeout(function() {
try {
const working = w.document.location.href;
} catch (e) {
resolve();
return;
}
w.close();
reject();
}, 2000);
});
}
Called with something like this:
openWin('mailto:' + encodeURIComponent(to)).then(() => {
// handle success
}).catch(() => {
// handle failure
});
Caveat: This only works for web-based protocol handlers. If for example your mailto is handled by an email app, then this will fail.
In my case, most people would be using web-based email, so it works for most cases. On failure I show a message to the affect of "If your email didn't open, copy the email address here..."

Facebook OAuth "Unsupported" in Chrome on iOS

The Facebook OAuth popup is throwing an error in Chrome on iOS only. Both developers.facebook.com and google have turned up nothing about this. Ideas?
You can use the redirection method as follow for this case (by detecting the user agent being chrome ios):
https://www.facebook.com/dialog/oauth?client_id={app-id}&redirect_uri={redirect-uri}
See more info here https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/
Remark: I personnaly use the server OAuth in that case but this should do the trick and is quite simple
This is how I did it (fixing iOS chrome specifically)
// fix iOS Chrome
if( navigator.userAgent.match('CriOS') )
window.open('https://www.facebook.com/dialog/oauth?client_id='+appID+'&redirect_uri='+ document.location.href +'&scope=email,public_profile', '', null);
else
FB.login(null, {scope: 'email,public_profile'});
Here is a complete workaround for your FB JS Auth on Chrome iOS issue http://seanshadmand.com/2015/03/06/facebook-js-login-on-chrome-ios-workaround/
JS functions to check auth, open FB auth page manually and refresh auth tokens on original page once complete:
function openFBLoginDialogManually(){
// Open your auth window containing FB auth page
// with forward URL to your Opened Window handler page (below)
var redirect_uri = "&redirect_uri=" + ABSOLUTE_URI + "fbjscomplete";
var scope = "&scope=public_profile,email,user_friends";
var url = "https://www.facebook.com/dialog/oauth?client_id=" + FB_ID + redirect_uri + scope;
// notice the lack of other param in window.open
// for some reason the opener is set to null
// and the opened window can NOT reference it
// if params are passed. #Chrome iOS Bug
window.open(url);
}
function fbCompleteLogin(){
FB.getLoginStatus(function(response) {
// Calling this with the extra setting "true" forces
// a non-cached request and updates the FB cache.
// Since the auth login elsewhere validated the user
// this update will now asyncronously mark the user as authed
}, true);
}
function requireLogin(callback){
FB.getLoginStatus(function(response) {
if (response.status != "connected"){
showLogin();
}else{
checkAuth(response.authResponse.accessToken, response.authResponse.userID, function(success){
// Check FB tokens against your API to make sure user is valid
});
}
});
}
And the Opener Handler that FB auth forwards to and calls a refresh to the main page. Note the window.open in Chrome iOS has bugs too so call it correctly as noted above:
<html>
<head>
<script type="text/javascript">
function handleAuth(){
// once the window is open
window.opener.fbCompleteLogin();
window.close();
}
</script>
<body onload="handleAuth();">
<p>. . . </p>
</body>
</head>
</html>
My 2 cents on this as noone of the answers were clear to me. Im firing the login js dialog on a button click, so now when it's chrome ios I check first if the user it's logged into facebook and if not I send them to the login window. The problem with this is that chome ios users needs to click connect button twice if they are not logged into facebook. If they are logged into facebook one click is enough.
$( 'body' ).on( 'click', '.js-fbl', function( e ) {
e.preventDefault();
if( navigator.userAgent.match('CriOS') ) {
// alert users they will need to click again, don't use alert or popup will be blocked
$('<p class="fbl_error">MESSAGE HERE</p>').insertAfter( $(this));
FB.getLoginStatus( handleResponse );
} else {
// regular users simple login
try {
FB.login( handleResponse , {
scope: fbl.scopes,
return_scopes: true,
auth_type: 'rerequest'
});
} catch (err) {
$this.removeClass('fbl-loading');
}
}
});
That bit of code make it works for chrome ios users. On handle response I simple take care of fb response and send it to my website backend for login/register users.
var handleResponse = function( response ) {
var $form_obj = window.fbl_button.parents('.flp_wrapper').find('form') || false,
$redirect_to = $form_obj.find('input[name="redirect_to"]').val() || window.fbl_button.data('redirect');
/**
* If we get a successful authorization response we handle it
*/
if (response.status == 'connected') {
var fb_response = response;
/**
* Make an Ajax request to the "facebook_login" function
* passing the params: username, fb_id and email.
*
* #note Not all users have user names, but all have email
* #note Must set global to false to prevent gloabl ajax methods
*/
$.ajax({...});
} else {
//if in first click user is not logged into their facebook we then show the login window
window.fbl_button.removeClass('fbl-loading');
if( navigator.userAgent.match('CriOS') )
window.open('https://www.facebook.com/dialog/oauth?client_id=' + fbl.appId + '&redirect_uri=' + document.location.href + '&scope=email,public_profile', '', null);
}
};
Hope it helps!
Not a real answer but based on this thread worth noting that is started working for our app, on Chrome when on the iPhone we did General>Reset>Reset Location & Privacy
I got a solution for ios facebook website login in google chrome . Actually the issue was with google chrome in ios when we click on facebook login button it give internally null to the window.open in ios chrome .
There are two solution either to check it is chrome in ios(chrios) and then generate custom login screen ( still not chance that it will we correct ).
Second what i have used. Is to use facebook login from backhand create a api hit will populate facebook screen and then when login is done it will redirect to your server from where you will redirect to your website page with facebook data.
one other benefit of it is that you create 2 website for same website owner you can not set two website url in facebook developer account .In this way you can create many website facebook login with same facebook appid .
This is a very common issue which all developers have faced while implementing the FB login feature. I have tried most of the Internet solutions but none of them worked. Either window.opener do not work in Chrome iOS or sometime FB object is not loaded while using /dialog/oauth.
Finally I solved this by myself after trying all the hacks!
function loginWithFacebook()
{
if( navigator.userAgent.match('CriOS') )
{
var redirect_uri = document.location.href;
if(redirect_uri.indexOf('?') !== -1)
{
redirect_uri += '&back_from_fb=1';
}
else
{
redirect_uri += '?back_from_fb=1';
}
var url = 'https://www.facebook.com/dialog/oauth?client_id=[app-id]&redirect_uri='+redirect_uri+'&scope=email,public_profile';
var win = window.open(url, '_self');
}
else
{
FB.login(function(response)
{
checkLoginState();
},
{
scope:'public_profile,email,user_friends,user_photos'
});
}
}
Notice that above I'm passing an extra param to the redirect url so that once the new window opens with above redirect uri I could read the values and can say yes this call is from Chrome iOS window. Also make sure this code runs on page load.
if (document.URL.indexOf('back_from_fb=1') != -1 && document.URL.indexOf('code=') != -1)
{
pollingInterval = setInterval(function()
{
if(typeof FB != "undefined")
{
FB.getLoginStatus(function(response) {}, true);
checkLoginState();
}
else
{
alert("FB is not responding, Please try again!", function()
{
return true;
});
}
}, 1000);
}

User closes a tab (implies logout) of many tabs, these are not redirected to index

I have the following problem
I use a filter that enables user navigation to authorized pages, otherwise it derives to index.
Obvious, but it must be said, One browser one session.
Additionally, when the user closes the browser or tab his session expire.
The problem arises when the user opens new tabs and he closes one of them, implying that the session is invalidated and the other tabs not redirect to index, because it has no ajax events.
One of the solutions I tested.
Only log off when only exist one tab, for that I will have to count the tabs in some a session variable or otherwise in the servlet's variable (on this page I read this solution, but i did not understand this example ...).
This is the code that goes in the servlet, but does not explain how it
is implemented.
public void trackUserTabs() {
String onload = Controller.getParameter(ONLOAD_ID);
if (onload != null && onload.trim().equals("true")) {
openedTabs++;
System.err.println("onload: " + controller.getCurrentPrinciple() + "..........." + openedTabs);
}
String onunload = Controller.getParameter(ONUNLOAD_ID);
if (onunload != null && onunload.trim().equals("true")) {
openedTabs--;
System.err.println("onunload: " + controller.getCurrentPrinciple() + ".............." + openedTabs);
}
if (openedTabs <= 0 && controller.getCurrentProfile() != null) {
/**
* All tabs are closed, log out current user.
*/
controller.logoutCurrentProfile();
}
But it have a detail, I may not tell when the user closes the browser
or tab.
Another solution.
Using a poll to call a function in javascript and ask if this logged.
Try using this function but had no positive results.
function ComprobarSessionExpirada() {
var request = false;
if(window.XMLHttpRequest) { // Mozilla/Safari
request = new XMLHttpRequest();
} else if(window.ActiveXObject) { // IE
request = new ActiveXObject("Microsoft.XMLHTTP");
}
var url = '/ACP_3.0/pag/resumen.jsf';
request.open('POST', url, true);
request.onreadystatechange = function() {
alert('a');
if(request.readyState == 4) {
var session = eval('(' + request.responseText + ')');
if(session.valid) {
alert('ok');
// DO SOMETHING IF SESSION IS VALID
} else {
alert('Your Session has expired');
window.location = '/ACP_3.0/index.jsf';
}
}
}
request.send(null);
}
EDIT:
I forgot to mention that I maintain user information in a bean of
application, this allows know the status of the user for the chat I
did.
So, you need to identify when the user closes the session
directly (logout) or indirectly (close your browser or timeout),
because if it does not close the session, the status of the user
always stay online.
To identify when he log off, I use a prelude to
the destruction of session.
Implement HttpSessionListener where the
method sessionDestroyed change the user's status in the application
bean.
I am probably not the only one who thinks this so; don't try to tie sessions to tabs, browsers aren't designed this way for a purpose.
Most normal use cases will suffer from the design that a session will die when a tab is closed. What if a user accidentally closes his last tab?

GET HTTPs request not working properly in phonegap

I'm running this app in an Android phone (Samsung Galaxy mini running on ANdroid 2.2). I'm using couchdb for my database and host it on cloudant.
On device ready, the app will make a get request to the https db server which contains feeds of data that i need to be displayed in my app. At first, it was working fine but when i try to post and add new data to my https db server, then trigger the get request method, the returned response from the server is still the same as before(the newly posted data was not included even though i checked my db server and saw that it was indeed saved). Then i tried to close and reopen the app again, which will then make a new instance of the get http request, but still, the response still is the same as the very first one and doesnt contain the new data that was added to the db server. Then, I tried to reinstall my app, then run the app again, and oddly enough, the response from the get request now contains the new data.. I don't know how that happens, and I'm not really experienced with REST api and javascript so I might be doing something obviously wrong. Here's a snippet of my code for the get request:
var getFeedsClient;
document.addEventListener("deviceready", onDeviceReady, false);
function onDeviceReady() {
if (window.XMLHttpRequest) {
getFeedsClient=new XMLHttpRequest();
}
else {
getFeedsClient=new ActiveXObject("Microsoft.XMLHTTP");
}
try{
getFeedsRequest();
} catch(e)
{
alert("Error on device ready: "+e);
}
}//on Device Ready
function getFeedsRequest() {
getFeedsClient.onreadystatechange = getFeedsFunction;
getFeedsClient.open("GET","https://<username>.cloudant.com/te/_design/requestfeed/_view/all",true);
getFeedsClient.send();
}
function getFeedsFunction() {
alert(" readystate: "+getFeedsClient.readyState+", status: "+getFeedsClient.status);
if(getFeedsClient.readyState == 4 && getFeedsClient.status == 200 ) {
var data = JSON.parse(getFeedsClient.responseText);
console.log("RESPONSE FROM COUCHDB "+getFeedsClient.responseText);
console.log("JSON data "+data);
//at first the total rows is 2 but when a new data was added, the total rows should be three, but that was not the case
alert("rows: "+data.total_rows);
}
}
I ran into a similar issue last week of the device caching requests. I solved it by adding a dummy unique parameter to the link like below:
function getFeedsRequest() {
getFeedsClient.onreadystatechange = getFeedsFunction;
var link = "https://<username>.cloudant.com/te/_design/requestfeed/_view/all";
var unique = (new Date).getTime();
getFeedsClient.open("GET",link + '?' + unique,true);
getFeedsClient.send();
}
Paul Beusterien's solution below worked for me with the following caveat:
An android 4.0.4. phone did not need a unique URL, but the same code running on 2.2.2 did!

Query URL for Log In Status, javascript

This may seem like a no-brainer, but I can't find a way to do this that isn't considered a security issue (other than the obvious ways)...
So, I want to build an add-on for Firefox to use with my team. Basically it will be a status bar icon letting us know if the authentication cookie for our tools site has expired, so we can tell without losing any work currently in the browser.
At first I thought I could have the add-on check the cookie, but this seems to be a huge hassle for such a simple idea. Then it occurred to me...DUH...that I could just have the add on try to access the main page of our site. If it gets a "Access Denied" response, it can show the icon for "Not Logged In", but if it gets anything else, it can show "Signed In".
However, all attempts to do this with AJAX are proving to be almost as difficult as my cookie attempts.
Is there a simple way, with javascript preferably, but in XUL otherwise, to say
var url = "http://example.com";
var response = pingURL(url, "blah);
status = (response = "Welcome!") ? "Signed in" : "Not Signed In";
where "pingURL" would be the method of "going" to the url and getting the response?
function checkAccess(url, callback) {
var xhr = new XMLHttpRequest();
xhr.open("GET", url);
xhr.onreadystatechange = function () {
if (xhr.readyState == 4) {
if (xhr.status == 200) {
callback(true);
} else {
callback(false);
}
}
};
}
This should work... Just call with "checkAccess('http://example.com', function(ready){});" as an example where ready is a boolean value.
Exactly why do you consider cookies a huge hassle? That would undoubtedly be faster and probably simpler to implement. Reading cookies from chrome is simple and well-documented. Ask for help if you can't figure out how to parse the cookie.

Categories