I am working on a website in which I want to close the browser window/tab when the Logout Successful page loads. I am doing this because after the Logout workflow if 'back' button is pressed on browser, it displays the previous page with all the confidential info visible. Since I cleared the session in the corresponding servlet, user cannot do anything after the logout but display of data is of quite concern.
For this pupose I am using below code (Logout.jsp)-
<body onload="self.close();">
<center>
You have been successfully logged out.<br>
</center>
</body>
The problem is that the above code is working fine on IE however, it is not working on Firefox and Chrome. I checked all the settings related to Java Script for Chrome and they are exactly the same as of my browser.
Alternatively, I tried to clear the history. For this purpose I used below code which I found on some website -
<body onload="window.history.forward(0)">
<center>
You have been successfully logged out.<br>
Kindly close the browser for security reasons.<br>
</center>
</body>
But this code is not working in any of the browser.
Any kind of help would be appreciated.
---------------- UPDATE ---------------
For the second option (i.e. clearing history), after much google and work, I was able to make it work. The solution is as below -
If a user follows the navigation page1 -> page2. And you want to stop user from page2 to go back to page1 then add below code on page1 -
<body onload="window.history.forward();">
//rest of the body
</body>
I tested it in IE and found it working perfectly.
Now, I am left with the original issue that why script is not working in Chrome.
Do not do that. Just verify if the session exists. If it doesn't ( since it logged off ) you send him automatically to login page. That way your site is hack proof because i can eliminate from firebug or any console the line where you just close my tab, and therefor i can still see the data.
Related
This is one of those, "I need a workaround so as not to have to endure 1000 years of bickering from users, once the project launches" type questions:
I have a situation where I need to have my site reload any time someone launches Chrome without closing the tab last time they closed the browser. We are rebuilding an ancient site in a modern, MEAN stack environment, and I just know I will get complaints on this when it launches.
In other words (danger: psuedocode) -
if client closed chrome with site open
reauthenticate user
redirect to home page
I can accomplish the last two bits through an express route and passport auth, but how do I detect if the client is loading a cached page from their end?
Is it possible to simply store some sort of js variable that is only
set true after an actual login, or does Chrome keep that stored on
close as well?
A simple example to go along with my comment:
<html>
<head>
<script>
function DoMagic() {
document.getElementById( "magic" ).innerHTML = "<h1>Hello World!</h1>";
}
</script>
</head>
<body>
<div id="magic">Waiting for magic</div>
<br>
<input type="button" value="Do Magic" onclick="DoMagic();" />
</body>
</html>
Open this in Chrome the div reads "Waiting for magic".
Click "Do Magic" div reads "Hello World".
Close Chrome by clicking X ( not the page, the browser ).
Open Chrome. Page loads. Div reads "Waiting for magic."
The state isn't kept between browser closes--even if the cache is. I'm thinking you can implement something similar to make sure they have to login between browser closes. Should work in all browsers too.
I am working on a php project in codeigniter. When a user logs out, he/she is directed to login page. But when he/she clicks the back button of browser, he/she gets to see the home page just before the log out, which definitely not a good thing.
I have added session check on every page so that when a user reloads any page after logout he/she will be directed to login page.
As far as i think, this happens due to web browser using cache for the back button.So one solution as given in many stack overflow forums and others is to clear the cache, which i too did. But another problem came that the document expires after back button, which is not good from the UX point of view.
Another solution is to add javascript code to restrict the page to itself when pressing back button, which surely works. But since the javascript is client side, this won't work if you disable it from browser.
If you check the Gmail or facebook or any good site ,they handle it really well and no ,it's not by just javascript code , as suggested in this forum How Google deals with the Back Button after logout? ,
So my question is how do they handle it in real?
On home page, you'll need to check if SESSION is active.
When user is logging out, you'll need to destroy SESSION.
For example:
-On Home Page
session_start();
if(!isset($_SESSION['variableName']))
{
header("location:login.php");
}
On logout page:
session_start();
session_destroy();
Hope this helps.
One time I got that problem and finally I got many tiny solutions for that.
Put noscript tag in common header file. I return a text when the JS turn off.
<noscript>Your browser does not support JavaScript!</noscript>
Another Method to check the user logged or not at every intervel
setInterval(function(){
$("#autorefresh").load("checklogin.php?screenName=autorefresh");
}, 5000);
And finally put this back prevent js
history.pushState(null, null, 'loginController.php?time=
$currentDateTime; ?>');
window.addEventListener('popstate', function(event) {
history.pushState(null, null, 'loginController.php?time=<?php echo $currentDateTime; ?>');
});
This is my experience knowledge... Thank You
I have a javascript file that was accidentally added to the admin side of our site. The javascript is below,
<script>
if (document.getElementById("errorTitle") != null && document.getElementById("errorTitle").innerHTML === "Insufficient Privileges") {
window.location.replace("/portal/InsufficientPrivileges");
} else {
window.location.replace("/portal/FileNotFound");
}
</script>
The problem is that this code runs on the admin pages so we are unable to remove it. If we disable javascript on the browser the page never renders, dynamic content. How can we disable this from running so we can upload the proper file?
You might be able to edit the page that contains the reference to the problem file. If you can just edit the page to jump over where that code is called with an if statement or goto.
If you can't edit the other pages then you can Use the debugger to change the code executed on the fly. Chrome and Firefox have debuggers that should be able to do this.
Specifically for Chrome you go into the object inspector (available via menus or right clicking on the page). Then you can see the HTML on the left window. You select the script tag of interest, you can right click and select delete or select "Edit HTML"
If the page redirects you before you're even able to edit anything, you can use automated tools.
Fiddler (Windows)
Fiddler lets you see all pages downloaded, and then you can have it send your browser a different page when it tries downloading any page you specify (AutoResponder feature). This way you can temporarily edit a page while you can fix it in the admin panel.
Greasemonkey (Firefox) or Tampermonkey (Chrome)
These plugins let you run JavaScript code on a page as soon as it gets to your browser. This will let you do things such as removing the script tag programmatically.
I've been having an issue with the Facebook Like button for quite some time. I've looked all over for a solution but am quite stuck. The error occurs on my site www.MapYourVote.com. When you go to a poll page and click 'Like' the dialog appears and quickly disappears. At the same time, the counter also goes to 1 and quickly goes back to 0.
The problem is always solved for individual poll pages by using the Facebook Debug tool (http://developers.facebook.com/tools/debug). Once you use it on the url, the like button will work as expected. The issue is my website is dynamic and I can't use the Facebook Debug tool every time someone creates a new poll. The Facebook Debug tool does not reveal any problems (apart from og image size but I doubt that's the issue).
Here is an example of a page in which the Like button does not work. If you were to enter this url into the Facebook Debug tool, the Like button would work.
http://www.mapyourvote.com/Poll/Election-Result-Feelings/
Any help would be much appreciated!
I also had this problem. I was constructing a referrer url to give link-sharers a credit, so there was a different url for each user that wanted to share something. The referrer link would give the user credit and redirect to the login page of my site. With this configuration, the like dialog would appear for a moment and then disappear again, unless I went to facebook's debug tool.
What fixed the problem for me was to change from a redirect to rendering the page directly from my referral link. In fact, I changed the referral link to be a ?r=refid parameter on my root page URL. It appears to work correctly if facebook doesn't have to follow a redirect to get the og: data.
I had a similar problem and it turned out I had too restrictive cookie policy set in my browser - I only allowed Facebook to use 1st party cookies. When I allowed Facebook to use other cookies, the problem was solved. It's hard to debug when no error appears other than the immediate pop-up closeup.
I had the same problem. It was caused by url value in data-href attribute. I had there url pointing to my localhost.
When I changed the url to existing one, problem was solved.
Hope it helps
For me, the problem (Like popup disappearing after a second) was happening when the Like button URL redirected to another URL.
The fix was to add og:type, og:url, and og:title (required per https://developers.facebook.com/docs/reference/opengraph/object-type/website), then running the URL through the Facebook debugger to clear the cache (https://developers.facebook.com/tools/debug).
More at https://stackoverflow.com/a/16597060/2391566
I've searched for answers to this -- seems like all the answers relate to the old Facebook API so the solutions are no longer relevant.
The problem I'm having: I've got a custom Facebook tab which has a button on it that, when clicked, triggers FB.login(). The way it should work is: user clicks to log in, popup comes up to authorize the app, user clicks authorize, the popup closes. This flow works correctly on all browsers except IE8 and below. On IE8, the user clicks to log in, the popup comes up to authorize the app, the user clicks authorize, then the content INSIDE the popup refreshes with the content from the redirect URL. Needless to say, this is not the desired experience for IE8 users :(
I've tried everything I could find: doublechecked that there are no javascript errors, ensured that there is a valid channel file, etc. Nothing appears to fix it. Everything is happening through secure (https), so I'm not sure if that has anything to do with it.
I've been trying to fix this for DAYS now; any help would be GREATLY appreciated!
Make sure fb-root element is only once in your page , I have faced this issues and when i made sure that fb-root div is only once the issue got resolved
You should specify a p3p header in all responses from your web server. Please see: http://www.hanselman.com/blog/TheImportanceOfP3PAndACompactPrivacyPolicy.aspx.
By "the content INSIDE the popup refreshes with the content from the redirect URL" do you mean that you are passing a redirect URL? If so, don't do that. The popups work using some cross-domain JavaScript magic with a specially constructed redirect URL. If you put your own, then the popups may break.
Also, make sure you're setting a proper channelUrl when you call FB.init().