Logout control not working - xpages

I have login/logout links in the main layout of my application, in the manner described by David Leedy in this video: http://notesin9.com/index.php/2012/03/09/notesin9-049-xpages-login-and-logout/
Everything works fine, except for the logout link. The code for the link is:
facesContext.getExternalContext().getRequest().getContextPath() + "?Logout&redirectTo=" + facesContext.getExternalContext().getRequest().getContextPath()
When it is clicked, then I get logged out and returned to the homepage, which is fine. But then if I refresh, or click onto another page, I am immediately logged back in without a password prompt. Is this because there is a session saved on the server which is not being cleared? How can I change this so that after logging out, someone would have to go through the full login process again before being logged in?

It depends if your server is setup to use basic or session based authentication. There is no logout mechanism for basic authentication, you are logged out when you close the browser.
The above code will only work for session based which is configured on your domino server through domino admin.
here are some instructions:
http://www-12.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/1e4058257e426e5e8525706f0065d97a?OpenDocument

Related

Best practice to check if the user is logged in during the entire session

I'm using React on the front, nodejs + express for the back, mongodb , and passportJS for the auth, and express sessions to store the session information.
Whenever someone joins my website, react is sending a request to the backend to check if the user is logged in, and then if the user is logged in it will show adapted content. The problem is that whenever someone is logged in it will first show in the nav bar a button that says "log in" and only half a second later will it be updated to "log out" because the post request that says the user is logged will resolve. What is the best practice to solve this issue? at the moment I check if the user is logged in every single time that the user navigates to a new page and it does not sound like a best practice to me.
Try adding a loading state to your component. So instead of two states of login and logout, you will have login, loading, and logout.
This will allow you to add a new UI state for loading. Now it up to you to decide the UX.
UX Solution:
Some sites just put a giant loader and blocks the site till the app is loaded which works but is not that appealing.
A more modern solution is to use a skeleton loader. This will display a fake component while the application is loading (Note: NOT the whole sight needs to be in this skeleton state. It can be only the navbar while the rest of the application is displayed).
See AntD skeleton: https://ant.design/components/skeleton/

Want to know the symptoms of a website on which we can bypass the login authentication(Directory traversal)

When I typed the complete URL to a particular page section of a web app without logging in, it initially moved directly to the particular page without logging for 2 secs and before it gets completely loaded the page moves back to the login authentication page. can this app be bypassed without login authentication, can anyone clarify to me on this.

How do I output someone's Steam 64 ID when they click on a button?

I'm trying to create a program in which, when you login with Steam and then there's a button, which when clicked the following happens:
If you are not logged in, it takes you to the login.
If you are logged in, it writes the user's Steam64ID onto a txt file somewhere in the site folder.
I currently read the steam web API documentation but i don't know how i can output someone's steam64ID with a button click. Can someone please help?
You could use this API in order to login the user, this returns their Steam64ID. You can then store this (perhaps as a cookie) and output it on the click of the button (assuming you use PHP for the cookies, you could use Ajax for this)

How to auto close SharePoint Online sign in window after signing in?

I'm working with an ASP.NET application. My page display content (images) from SharePoint Online.
Certainly if I want to display something from SharePoint, I must be authenticated first. So I wrote a script to check if user is logged in or not. If not, a window will open and navigate to SharePoint sign in page.
The question is how to close this sign in window after user do the authentication? I've tried the solution here Close window, after redirect but it only works with local site, with login page from different domain (SharePoint Online), it return "Access is denied" error due to Cross Frame scripting prevention.
So any other solution?
I think , When a user clicks Ok and authentication code runs and authenticate the user, you could run a code or javascriupt to close the window.
Correct me if i miss something
I've found the solution. Create an .aspx page on SharePoint, place JavaScript to close the window (window.close) in it.
Then from web application, if user not logged in SharePoint Online, open new window and navigate to the .aspx page above.
SharePoint then redirect you to Microsoft Online sign in address first. After authentication, it bring you back to where you come, the .aspx page, then the JavaScript execute and close the window.

Gmail - Back button click on browser

after logging into GMail and clicking the back button on the browser the site doesn't gets back to user login screen? how is it done? Any pointers in java server side programming will be helpful. How to do it without java script.
They probably use HTTP cookies and server side sessions to track the user authentication state. Take a look at this article for more info about using cookies to persist login info.

Resources