after logging into GMail and clicking the back button on the browser the site doesn't gets back to user login screen? how is it done? Any pointers in java server side programming will be helpful. How to do it without java script.
They probably use HTTP cookies and server side sessions to track the user authentication state. Take a look at this article for more info about using cookies to persist login info.
Related
I am looking to replace a toolkit that does social auth through a seamless popup, where the entry point is a javascript function and there are javascript callbacks that you install that pass the results of the authentication back to you once everything has asynchronously been processed.
The socialbootstrap example shows how to perform posts to /api/auth/{provider} and this causes the browser to redirect to the login screen of the social provider and then back to a redirectUrl in the original app.
I would like to have this work in some kind of popup and the result be passed back to me as some kind of ajax result or a javascript success or failure handler.
Is this possible and if so do you know of any code examples that show this?
My understanding is that iframes are not a universally good way to do this as some social providers have iframe busters...
Thanks
If you only need to support Credentials i.e. UserName/Password Authentication you could do this via a HTML from in a Popup and ajax.
The https://httpbenchmarks.servicestack.net Live Demo shows an example of this when you click on Login with your email button or Sign In link (on the top right).
The Authentication/Login process is documented in detiail the repository, e.g it uses a modal bootstrap form and ss-utils bindForm to ajaxify the HTML Form and provide automatic form and validation binding.
On successful authentication, the success callback is fired where you can hide the modal form and run any other post-authentication scripts, e.g:
$("#form-login").bindForm({
success: function (r) {
$('#modalLogin').modal('hide');
localStorage["UserName"] = $("[name=UserName]").val();
$(document).trigger('signed-in');
}
});
Now that the Users Session is authenticated, every subsequent ajax request is sent in the context of the users authenticated session.
If you want to use OAuth then you would need to stick to full-page reloads since often the page will be redirected to the 3rd Party site where the user needs to explicitly allow authentication via your app.
I have a link on my web-page which automatically logs in through a generic username/password for the purposes of a demo, eg :
https://username:password#www.example.com
A dialog box shows up which says "You are now logging in as username. Is this correct?"
How can I remove this dialog to allow me to log into this web-page as cleanly as possible?
I've considered using JS to resolve the issue but there must be a simpler way?
Thanks
You are using http basic authentication which is a protocol that is a part of http. The username and password is sent to the web server and verified before your web page is loaded.
It is not the web page that creates this dialog, but your browser. It will be different for different browsers. Firefox creates a confirmation message when you provide the username and password in the address bar. Chrome will not create this confirmation message.
A javascript or any other kind of functionality in your web page would not be able to remove this message. The reason for this is that the message is created by the browser before the web page is actually loaded.
I am building a Chrome Extension that loads data via jQuery from a background page, and relies on the user being logged in to the website to authenticate.
$.get('https://mydomain.com/myurl', function (data) {
// do something
});
Ie, a user logs on normally to https://mydomain.com, and some cookies are set by the server.
In the background page, get some data for that user at /myurl /myurl expects the authentication cookies to be present.
This works on a background page, but only if the the background script is reloaded after the user logs in. Additionally, once the user logs out and the cookie is deleted from the web page, the cookie is still there in the background page!
I'd expect that the cookies on the background page to stay in sync with the cookies on the website.
Not sure if this is a feature or a bug, or I am totally doing this wrong.
Turns out this was caused by using SignalR (websockets) in my background page. The websocket was opened before the cookie was set. So, I had to detect a change in the cookie, close the websocket, and then reopen it so that it would get the new cookie value.
I am running S60 SDK 5th with Eclipse pulsar on win 7.
I have oauth_token using with this Url https://www.linkedin.com/uas/oauth/authorize?oauth_token=. To get that grant access screen by LinkedIn.
I am loading above Url using htmlComponent, and adding HtmlComponent to form and show it.
Occasionally when I click on the "Ok I'll Allow It" button (i.e. after the button has been pressed) I get the following error message.
We’re sorry, there was a problem with your request. Please make sure you have cookies enabled and try again.
But I'm receiving the response with oauth_token, oauth_token_secret, oauth_callback_confirmed = true, xoauth_request_auth_url, oauth_expires_in.
Please help.
My guess is that the error is happening with the callback. Once you click the "OK, I'll allow it" button in the LinkedIn authentication page, the user should be redirected back to your application. Can you run the network for your phone through a laptop system where you can snoop the traffic to see what's happening? I'm not familiar with HTTP snooping capabilities in the Windows 7 system, but there may be some logging you can do to determine what's happening.
I have login/logout links in the main layout of my application, in the manner described by David Leedy in this video: http://notesin9.com/index.php/2012/03/09/notesin9-049-xpages-login-and-logout/
Everything works fine, except for the logout link. The code for the link is:
facesContext.getExternalContext().getRequest().getContextPath() + "?Logout&redirectTo=" + facesContext.getExternalContext().getRequest().getContextPath()
When it is clicked, then I get logged out and returned to the homepage, which is fine. But then if I refresh, or click onto another page, I am immediately logged back in without a password prompt. Is this because there is a session saved on the server which is not being cleared? How can I change this so that after logging out, someone would have to go through the full login process again before being logged in?
It depends if your server is setup to use basic or session based authentication. There is no logout mechanism for basic authentication, you are logged out when you close the browser.
The above code will only work for session based which is configured on your domino server through domino admin.
here are some instructions:
http://www-12.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/b3266a3c17f9bb7085256b870069c0a9/1e4058257e426e5e8525706f0065d97a?OpenDocument