I am currently testing user last login log data created by Auth0 and noticed that it is not using the time zone I am using but it seemed like it was using their own timezone. My question is, which timezone are they using? And if possible, can I change Auth0 configuration so that it can provide log data based on timezone I am using?
Related
I have to implement the password expiry policy in Amazon cognito. I have checked the documents but didn't find any solution for this.
Unfortunately AWS doesn't have any built in password expiration for congnito. You can however have your own implementation by creating a new custom field that tracks the timestamp when password was created/changed. You can then use AdminResetUserPassword when the timestamp is too old. You can have a lambda query all users and check this parameter daily. Update the timestamp and reset the password if it is too old.
I am using play framework to develop a web app. Now I need to implement authentication/authorisation without database (really strange requirement). There will only be log in and log out function, no registration. The username/password pair will be authenticated using external service.
Due to limited experience, my current idea is to use token to authenticate and a local file to store username/password.
Is my idea feasible? Is there any recommended libs? If I use token, do I need to pass that token in Http request/response every time and authenticate the token in every controller?
Thanks!
Why store user name and passwords in a local file? I don't see the point and this constitutes a database, which you want to avoid it seems... Deciding to work with local files will be an important limitation if you ever want to deploy more than one server and have some load-balancing done.
Playframework is stateless, meaning that the server doesn't keep session state. To work around that play uses signed session cookies (the browser is storing the session data, and cannot modify it as the session data is signed).
Here's what you can do:
on login: set some data in the session
on each subsequent request, determine the state (logged-in or not) based on the session cookie, see https://www.playframework.com/documentation/2.6.x/ScalaActionsComposition#Authentication
on logout: reset the session cookie
Now this approach has a serious downside, it allows people to replay (reuse) old session cookies to pretend being logged. Another (could be less serious depending on your requirements) is that it is not straightforward to implement session expiration after a certain inactivity.
This is probably enough to answer your question and give you a starting point.
I am working on web application in MVC4-asp.net.For login I am using Simple membership Provider method to login.All is working properly but according to project requirement there will be no same user can not login at the same time on different machine.how to make changes in MVC simple membership.if any user is logged in and any one try to login at the same time using same username then it will be display message like "This user is already Logged In" and user will be not able to log in at that time.
Please give some suggestion on that.
Thanks in advance.
You Can do it by many ways, simple approach is
Set one flag at the time of login into database.
Check flag every time when you are sign in.
Remove flag at time of logout.
There are some issues in using this approach like what if user is close browser without logged out, for that you can set session time out.Hope this will help.
We use Grails Spring Security in our application to perform user authentication. If a user loggs in to our application, the rememberMe cookie will be saved. This means, that the user will remain logend in between browser sessions.
How can I check which users are currently online? I read that you can retrieve this information from the Session using SessionRegistryImpl or HttpSessionListener but I have no idea how to implement that. I found this post but I am not sure how to transform it to Grails: Online users with Spring Security
Any idea?
I built a dating application that relies on online users. I created a Grails' Service that keeps track of online users. All you have to do is to create a service that keeps a concurrent hash map, the service is singleton so only one instance for the whole web application. When your user log-in for the first time, you set the user id, and a future time in the hash map. For example:
Key = UserID
Value = Now + 30min
So when the user logs in, you increment his log-in time with 30min and insert in the hash map. For every request the user sends, you update the value of the hash map by looking up his expiry time using his user id. So now if the user closes the browser, he is not going to update the expiry and his online status is going to be invalid. You can have a job that runs every 30min and remove those keys which have an expiry date of less than NOW. Or if you wanna count the online users, just loop through the map and count the entries which their expiry date is greater than NOW.
It's a hash map in memory, very easy to access and manipulate, and it's fast. That works great for me, and since I'm using a concurrent hash map, updates and reads are safe. Hope this helps you get what you want. Sorry that my answer is late but I just saw this question :)
In my Java web application,when a user gets logged in,i store the user name and other details in session as follows,
session.setAttribute("userName",username);
I am using ExtJs4 for UI.How to get the session variables in extJs?
Thanks
I can second #Geronimo approach. You need to get user Id and/or permissions when you authenticate the user. However...
You can't rely just on the username/permissions that you store somewhere in your JS code because it can't be easily spoofed. If you present user with some information that can be different for different levels of access you still need to do server side validation of the user identity.
You can't get session variables off the server web container using javascript only.
I do the same thing (storing userId as a session variable in java). I use Ext.Request to perform an Ajax request to a java servlet to get it (along with other data about the user like permission settings for the webapp to enable or disable features they wouldn't be able to use).
EDIT:
I second sha's answer also, the only reason I pass the authentication information back to the client is for cosmetic reasons - so that user doesn't think he can use a feature in javascript that would be denied by my server side authentication. If he were to spoof the userId or permissions and try to use the feature, the real authentication on the server side would stop him.
I understand that the question has been asked for a long time ago, but despite the large number of views and the absence of an plain answer, I decided to offer this answer:
Assume that the session variable is registered like /index.php?PHPSESSID=9ebca8bd62c830d3e79272b4f585ff8f
In this case, you can get the variable PHPSESSID through JS object "location" and transform it through Ext.Object.fromQueryString()
So:
console.log( Ext.Object.fromQueryString( location.search ) );
will prepare PHPSESSID variable for your needs.