1] I have My Account Page which is accessible after login.
Now i have looged in access 'My Account' Page & Logged Out.
Now when i clicked on browser back button i'm able to access 'My Account' page. Which is not true. When i refresh that page then it redirects to home page or u don't have access to this page. But on back browser button it don't work.
2] When user is logged in Take cookies Information using "Web Developer Tool" and save it in notepad.Delete all cookies infromation and closed the browser.Now open the browser and manually add the earliarly stored Cookies details now access url user is already logged in using that cookies information. This should not happen.
It's in the browser cache - not sure what Drupal could do about that.
That's how session cookies work. Again, I'm not sure what Drupal can do about that.
Its the browser that caches the page. If you hit back button, then the page is loaded from browser cache, rather than hitting the server again.
As this page is not loaded from the server, hence you see the last state of that page.
I am sure drupal or any other script cannot do about it.
Related
I have created a multitenant application in the Azure Portal. I have set its redirect URIs and Front-channel logout URL.
I opened a normal(not incognito) Chrome window and I give consent to my application with a Microsoft account. Then I opened another incognito Chrome window and went to https://myaccount.microsoft.com/(it redirect me to sign in page firstly) after that I clicked to Sign out everywhere button. However any request come to API that listen to GET requests of Front-channel logout URL so I could not clear any datas from the database.
However if I open the another Chrome window withhout incognito mode, a request is always comes to API that listen to GET requests of Front-channel logout URL if Sign out everywhere button is clicked.
So, why a request is not sent when I am using incognito window? I expect that Microsoft should know the logged in session and send a request for it even if the Sign out everywhere action is done in another incognito session.
The general guide I am following for this is: https://learn.microsoft.com/en-us/azure/active-directory/develop/
The specific guide is this: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-sign-user-sign-in?tabs=java#sign-out
The example project that I am use it for making practicing: https://github.com/Azure-Samples/ms-identity-java-webapi/tree/master/msal-web-sample
The button that I am clicking and could not get a GET request to my front channel logout url which is set in my application page on Azure Portal when I try to click that button in a different incognito window or different browser window is shown below:
We Need to make an angularjs web with a login page where user login.
Then this page get information about logged user from the server to use later.
When user is ok logged an informative message show say something like : 'You are logged susccessfully, do not close'
Same angular web must have other pages a user can load.
For example pages with a lots of lists of information from back-end (but for get this information we can use data from the logged user tab still open).
But if user is not logged or user close the login page (we mean the page with susccessfully logged message) all opened tabs with pages listing information must close or show message of 'sorry, not logged, you closed session'.
We use angular routing for differents pages in an angular app but How can we connect all tabs so get information from a unique page of login and how close all of them if user is not loged or close login page in firts tab.?
i have an angularjs app, i am using cookie based authentication in this app. when i login with two different users in same browser window in different tabs my cookie gets override. For example i am logged in with a user 'A' in first tab of browser and i am logged in with a user 'B' in second tab of the same browser window. when i check the cookie in browser, i only see the information about last logged in user. and when i try to navigate through application with user 'A' i get wrong data.
my question is is there any way i can skip login screen if a user is already logged in my application? so that no other user can login within same browser?
i tried to use resolve:in AngularApp.config and tried to redirect already logged in user to /home but still i am unable to achieve it. any thoughts?
Once the login is completed you can save the status of the application in session storage. Then when you are initialising the application you can check the value exits in session storage or not and redirect user to different page depend on the value. Make sure you are removing the stored value in session storage when user logout from the application
Is there a way to open external URL in new window and keep an watch over URL change in newly open window and take actions accordingly. And i want to get cookies values also from newly open window.Basically I'm developing website in angularjs. To signup or login i'm using social media. For example on clicking facebook button(using passportjs for social login ) it should redirect user to facebook login screen and once login is successful user will be redirected to a page where i'll be sending access and refresh token in cookies from my server once redirect is done. So i want to keep watch over URL and redirect user to profile page once redirecting is done and want to fetch value from cookies.
new window -> no rootScope or any other scope.
You don't have the same "runtine environment" cross windows
You can't control a new window with the one that open it.
You have to "boot" another angualr and passing parameters, if needed in another way.
UPDATE
normally with 3th party authentication you can choose the page that you want to land.
For angularjs I found the lib satellizer that is pretty good and give you support for all the principal identity provider(facebook, twitter, guthub ecc).
Take a look and tell me if is what are you searching
I'm having a weird problem with my angular app. When the user is logged in and hits "refresh" in the browser, the app loads the log-in template which is part of the main index.html file. It does not, however, kill the user session, but the user can't get any where else in the app without re-authenticating. Can anyone offer advice?
When a user refreshes the browser, your entire angular application disappears and gets restarted. That's how SPAs ("Single Page Apps") work.
If you want to have the user not log in every time they do this, you have to save enough information in the browser itself to know that he or she has already logged in. You can do this by storing some information either in a cookie or HTML5 local storage, and checking to see if the login information is stored before you call your authentication service.
Also, if you use standard http BASIC authentication the browser itself will cache the authentication credentials.