On my application, a session is created whenever the user is logged in, and this session is updated on the db and session is saved on cookies as well (using perl)
Now I modified the code to update the session using javascript. However when I log out then in again, the session found in the database is different from that found in the cookies. For some reason the cookies is not being updated using Perl after it is being updated using javascript. I don't what wrong I'm doing.
In javascript I do this:
createCookie(cookie_name,cookies_value);// where cookie_name is same as the one on Perl
Any help?
Sessions are normally lost when you log out of a web app, so it's expected to get a new one when you log in again. Without knowing your session implementation and login/logout code, there's no way of knowing if that's the cause of the issue.
What cookies are sent with the request? Which cookies are stored by the browser? Verify everything by inspecting the HTTP transaction, etc. then tell us what you find. Be a lot more specific than "It doesn't work".
Related
I want a way to log in and store a users details (maybe in a cookie?) securely using JavaScript.
The main I want to do is go from http://localhost:3000 to http://localhost:3000/welcome which I can do using the below code document.location.replace('./welcome');
However, if I currently type in http://localhost:3000/welcome address then it will take me straight there instead of asking for auth. how can I get a login page to be thrown in front of this page if no one is logged in?
any good tutorials on this? thanks
You will need to do this server side. Other important thing to note is javascript it client side and not necessarily secure at all.
I'm trying to make a basic social networking application following Write Modern Web Apps with the MEAN Stack book.
The end result should be: https://mean-sample.herokuapp.com/
I got through to getting user accounts set up, having a user log in and create a personalized post. But as soon as I refresh, the user gets logged out.
What am I doing wrong? And how do I fix this?
In the client side we cant maintain the session, we need the server support to it. There are many ways to maintain the session
1 Token based, for each request to the server, the server will check whether token exists or not.
2 We can store in the localstorage while refresh the rootscope will be, at that time we can take from local store and populate the page objects.
Maintaining in server side is secured and advisable.
use localstorage, it will help you in maintaining the session and also store user details temporarily.
Refer this for more details
https://github.com/grevory/angular-local-storage
I want to store data in cookies after getting it as per this tutorial:
https://docs.angularjs.org/api/ngCookies/service/$cookieStore.
But I want to know that if values I stored are sent to server as session or not.
I use firefox to see network (F12), and found that cookies value are not sent to server.
Is that right?
Whatever values you are storing inside ur $cookieStore will only be on ur local machine .It wont be ever sent to your server untill and unless you will send it manually.
Please give more info so that we can provide you better solution.
I have several web pages that should work only if certain condition is true. For example, there is a registration page, a login page. If someone is already logged in, I don't want the user to login again or register again until he is logged out. Currently the server saves the login in a SESSION variable and each web page has to called the server to get the SESSION variable and determine whether to display the page or not. This does not seem like a good solution. I am thinking may be saving in on the client side, but I don't know a good approach. Should I use cookie for this ? Is there some other services on the client side to store session data ?
Cookies are the best option for session details involving login, any other persistent storage should use localStorage.
This is because cookies will be transferred to the server on each request and therefore can be used to authenticate each call.
If your confused about this sort of stuff it can be very dangerous for your site. Try read up on it and try to use whatever the standard is for your language/framework/library.
I have one query on JavaScript.
How we can pass values from one page to another page?
I am working with ASP.NET. My requirement is, I need to validate the user, whether his session expired or not. If the session expired then I need to show a pop up with two textboxes to enter his credentials.
In which case I was unable to do that in ASP.NET. So though of doing with the help of JS. But not getting ideas.
I know we can pass values from one page to another using querystring. But as per the security purpose that is not to be used in my app.
Please help me out.
Thanks in Advance.
Don't do that on the javascript side. Remember that you can't trust the client side.
Use ASP.NET to do this.
See this tutorial to get some help about using sessions: http://www.beansoftware.com/ASP.NET-Tutorials/Managing-Sessions.aspx
You can save the users info in a session, for example his id and current request time. Then you can compare the previous request time, which you saved while processing the previous request, with the current time. You save the current request time in the session again. If it's been to long ago you show him the login popup. If you need a more secure way of passing the login credentials I recommend using a ssl certificate.
You can set cookies. That's also not really secure, but it's obviously a lot more secure than query strings, though if you're dealing with something that requires more security than what cookies offer, then I would suggest that you're doing something really wrong. (Welcome to Stack)