Wanted to know if there is any way to find when your session is about to expire while using class Ext.data.Session, as the Ext.data.Session does not provide any event. As per the definition of the class it is used to store session information with the server data being loaded.
What I want do in my application is user login session management. That is when a user logs in it starts a session and when the session is about the expire I prompt to the user that your session is about to expire. Any event performed in the application resets the session timeout time.
I have checked this example on Miami code but as per the logic, the session will be tracked from the time of loging in. But wont be updated whenever there is some event in the application. Hence irrespective of user performing any event the user will be promted that his session is about to expire. This not helping me, as I need to reset the timer if the user performs some activity.
Let me know if I am driving the question in the right direction, else will rephrase accordingly.
Well, Ext.data.Session and User Login Session what you need are two entirely different things.
Ext.data.Session manages data stored in various records such a way that it ensures consistency, uniqueness of the data and saving data to the server.
Thus, Ext.data.Session cannot be used for your purpose.
Related
I'm having this problem with my application where it will eventually (unsure of the timeframe, presumably 1 hour) stop updating live with firebase realtime database changes without logging out and back in. The security rules prevent unauthorized users from accessing data. The user will remain logged in and the authentication session persists, so I've been miserably confused as to why it eventually stops updating.
After a painful amount of internet scouring, I've come to find out that the token ID given on login lasts only 1 hour, at which point they are refreshed automatically using the refresh token. (For the record I am logging in with firebase.auth().signInWithEmailAndPassword).
Now, my question - Do I need to resubscribe to my database after the token ID is refreshed? More specifically, do I need to call firebase.database().ref().off() and then subsequently call firebase.database().ref().on() when a token refresh is detected? If not, can you possibly point me in the direction of what might be going wrong?
Edit: It may also be worth noting that if I change my security rules to allow unauthenticated reads, the user is still able to write to the database indefinitely without having to reauthenticate.
Firebase passes the new authentication token to the database automatically. As long as the user remains the same, you don't need to reattach the listeners.
The only moment you might have to reattach is if the user somehow becomes signed out. This may happen when the ID token can't be refreshed, for example because the account has been disabled, or the password has been changed. In that case the existing listeners will be canceled, which will be logged in the client, and the (optional) error callback for on will be invoked. At that point you'll need to reauthenticate and attach new listeners.
In salesforce, can we allow specific user to login one at a time globally ? If he is login into the salesforce already, then he should not be able to login again, unless first active login gets loggoff. Is there any way we can achieve this using OOTB?
I don't think this is possible. Sessions in Salesforce can be locked to the original IP address though, which would prevent you from logging from two different locations. You can also set sessions to have a 15 minute timeout, so if they logged in a second time, after a little bit, the first session would be terminated.
I'm making an app which holds sensitive information about the user. This data is held in the store and is used throughout the app, on different views.
The session can expire, with the store being completely cleared if the user tries to navigate to another route after a timeout. However, the store is not cleared until the user navigates to a new route. Let's say the user leaves their machine without logging out. The session times out but the page is still there and the store is yet to be cleared.
Would it be possible for someone else to access information from the store if it hasn't been cleared yet? (e.g. With Chrome dev tools)
The other option I can see is to clear the store on session timeout and somehow keep the current view in place. The idea being that the current view should not break if the session has expired.
I am having trouble storing sessions in database with codeigniter.
When a user logs in, a session is created and stored in the database. The data is filled in the database. When a user uses the logout button, the session data is emptied, however, the session still exists in the database.
The problem is when a user doesn't use the logout button but just closes the webbrowser. The session data is not emptied, but the user is still logged out. (i hava set this in my config file) The session should be destroyed in the database but it is not!
When a user logs back in after having clicked the 'logout' button, the session that has been created the first time the user logged in, is filled again with the data. So no problems with this.
But when a user logs back in after having closed the browser, it creates a new session.
This problem ends up in having endless sessions, sessions are being created every time a user closes the browser.
something else that confuses me: when I log in with an account, a session is created. When I then logout with that account and log in with another account, the session is stored in the same record as the other account. When are new records in the session table created?
I am using version 2.1.3 of codeigniter.
What am I doing wrong?
//Session config:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
You have sess_expire_on_close set to TRUE, so this is expected behavior, and you usually want that in most circumstances. The issue is, a new cookie (hence session) is generated when the browser is closed and opened again. From the CI session class documentation (go to the bottom where it talks about saving sessions in a db):
Note: The Session class has built-in garbage collection which clears out expired sessions so you do not need to write your own routine to do it.
So, it's not something you have to worry about addressing, orphaned sessions will be automatically garbage collected from the DB by the session class. If you want, you can implement code to clean it out via cron, but you really don't need to.
Now, if this presents a problem for specific logged in users (e.g. 'remember me') but you want the session to expire on close for everyone else, you can work around it by manually setting another cookie that far outlasts your session cookie and correlate an item in it within your session DB. This allows you to figure out who the user 'was' and reconstruct the session if it should magically persist for them. There's a bit more about that in this answer to a somewhat related question.
I'm implementing session management and am currently storing 4 types of info in the db:
user_id
session_id (hash)
insertion_time (for timeouts)
persistency (if user
has a persistent cookie)
It is possible for the user to have multiple sessions open with different devices. If the user logs out, how do I know which of those sessions I should delete?
What unique information is usually stored along with the info I've already got? IP address does not really work as it could be shared. Should I store the browser info, but what if it is the same?
You should only use a single session id/hash to recognise a session.
When a user logs in (e.g. with username/password) you will tell them what their session id/hash is.
When a user is browsing, they will tell you their session id/hash for every page load. That's how you know it's an existing logged in user, and not some random new user.
When a user tries to loggout, they will still tell you their session id/hash. You can use that to find and delete the correct single session.
You have to store Last access time Last Modify Time of the Session to calculate the Idle time for Session Timeout.
To Identify the User Session you have to store the browser Id. Browser Id and User Id mapping will lead you to figure it out which session of the User you have to delete.