Passing session value from one app to the next - session-variables

I'm setting a session value in one app and it's not available in any other app once the redirect happens. It's available in the source app (the one where the value is set) though. Is this expected behavior?
I've inspected session IDs in the origin app and in the target redirected app and they are different. So how can/should I pass the session variables from one app to the next? I need this for setting the authenticated user and currently it doesn't work due to this behavior.
Kind regards
Seba

The problem was that I was using different session secrets for each app. When using the same session secret, it works as expected.
Seba

Related

Conditions which SignInAnonymouslyAsync() returns the same user

Firebase.Auth.FirebaseAuth.SignInAnonymouslyAsync()
It is a question about anonymous user (FirebaseUser) returned by the above function.
I am creating iOS and Android applications with Unity.
Is the "FirebaseUser" returned by "SignInAnonymouslyAsync()" always the same as long as a user is using the same mobile device?
Also, what is the condition that the returned "Firebase User" is always the same?
The user is always the same unless the app is uninstalled and reinstalled, the app's private data was cleared, or you sign out the user. In any of those cases, the previous anonymous user token is lost and a new one is generated.

How do httpcontext.user.claims get its value in asp.net core assigned and is it session dependent?

this is a generic question. I want to know about httpcontext.user.claims. How this is getting its value? Is this session dependent? will this be automatically updated when a session expires?
Our web app is a federated app inside another app. That app controls the logging in part. so once they are logged in the user can access our application and they send us a particular value needed for us through query string. we validate that value against the claims values by accessing httpcontext.user.claims. SO now the problem is inside our app httpcontext.user.claims has still the values of previous logged in user, if the browser is not closed or we havent cleared the cookies of the browser. SO its impossible for us to validate when logged in with another user from their app without closing browser or clearing cookie.
So i ant to know whether the httpcontext.user.claims is session dependent. Also when logging out they are actually doing session.Abandon() when they call logout method. Is it because our web app is creating another session, but we have no code written for any new session creation. F

Ember-Simple-Auth 3.1 using Ember-Simple-Auth-Devise.js Callback

I'm using Ember-Simple-Auth on an Ember-CLI project, and I'm also using the provided ember-simple-auth-devise authenticator that comes with 3.1. I'm able to login and logout successful, but I can't figure out where's the best place to put the callback (or when the promise resolves) upon successfully logging in. I want to be able to use the data returned by my API on my app after logging in. Any suggestions and advice would be highly appreciated! If requested, I can also provide code samples (although I figured it wasn't necessary since what I have implemented thus far is nothing custom).
Thanks!
When the session is authenticated successfully, the sessionAuthenticationSucceeded action is triggered (see http://ember-simple-auth.simplabs.com/ember-simple-auth-api-docs.html#Ember-SimpleAuth-ApplicationRouteMixin-sessionAuthenticationSucceeded, there are also more actions for other events). So that's a good place to react to the session becoming authenticated.
As the authenticator will set all values the server responds with as properties on the session you could also define additional properties that depend on these - see example here (where the account property depends on the accountId property that's read from the server response): https://github.com/simplabs/ember-simple-auth/blob/master/examples/4-authenticated-account.html#L101

User authentication withRails 3 and Sencha 2

I am developing a simple application on Rails 3 using basic authentication.
The application checks for a valid session on every request. How can I manage sessions using Sencha? I tried to get the Rais Session to pass it as a param to sencha so it could send it back to the app.... but using request.session[:id] or *request.session[:session_id]* is not returning any value.
What would be the best way to approach this problem (keeping sessions)? I thought about creating my own session hash to use...
Any help is highly appreciated!
Ok, from the beginning - not request.session but just session. Not session[:id] but request.session_options[:id] (at least as described here: Finding the session id in rails 3 , works in rails4 as well).
How/Why do you want to manage session in Sencha? Sencha is fronend only, it has nothing to do. If yoy have properly configured session in config/initializer/session_storage.rb, then session_id should be passed in cookies on every request.

ExtJs:How to get Session variable

In my Java web application,when a user gets logged in,i store the user name and other details in session as follows,
session.setAttribute("userName",username);
I am using ExtJs4 for UI.How to get the session variables in extJs?
Thanks
I can second #Geronimo approach. You need to get user Id and/or permissions when you authenticate the user. However...
You can't rely just on the username/permissions that you store somewhere in your JS code because it can't be easily spoofed. If you present user with some information that can be different for different levels of access you still need to do server side validation of the user identity.
You can't get session variables off the server web container using javascript only.
I do the same thing (storing userId as a session variable in java). I use Ext.Request to perform an Ajax request to a java servlet to get it (along with other data about the user like permission settings for the webapp to enable or disable features they wouldn't be able to use).
EDIT:
I second sha's answer also, the only reason I pass the authentication information back to the client is for cosmetic reasons - so that user doesn't think he can use a feature in javascript that would be denied by my server side authentication. If he were to spoof the userId or permissions and try to use the feature, the real authentication on the server side would stop him.
I understand that the question has been asked for a long time ago, but despite the large number of views and the absence of an plain answer, I decided to offer this answer:
Assume that the session variable is registered like /index.php?PHPSESSID=9ebca8bd62c830d3e79272b4f585ff8f
In this case, you can get the variable PHPSESSID through JS object "location" and transform it through Ext.Object.fromQueryString()
So:
console.log( Ext.Object.fromQueryString( location.search ) );
will prepare PHPSESSID variable for your needs.