I'm implementing adapter-based authentication and trying out the session timeout functionality. I have updated "worklight.properties" and session timeout is working.
So whenever there is a session timeout or the user clicks logout, the logout function is called in CustomLoginModule. This works as expected, but is there any way I can find out in this logout method why it was invoked, i.e. whether the user clicked logout or the session timed out? Also, how can I pass this info to the client side?
We have a requirement to display a user message on session timeout.
MobileFirst 7.1
There is no method provided by IBM MobileFirst to differentiate between a logout made by a user action (clicking "logout") to a logout that happened due to a timeout. This is custom functionality you will need to implement on your own.
If a user clicks on "logout", store this action as a boolean flag and display the appropriate action.
Based on the value of the flag, you can then decide what message to display in case of a session timeout.
Is there any way to handle a user closing the browser, thereby ending his identity session, and to handle that event to add a logout date to the user's logs?
The main reason is auditing (user logs): start date (when the user logs in) - end date (when the user logs out or closes the browser).
I tried using the onbeforeunload JS event, but it went wrong: when the user redirects to any page, the event will fire.
I tried searching for SessionEnd ASP.NET Core events, and determined that it is not implemented in .NET Core.
Can SignalR accomplish this?
I'm not sure if this is possible or at least it will be a difficult task.
Would it be possible to set the following values:
    ExpireTimeSpan = System.TimeSpan.FromHours(1),
    SlidingExpiration = true
...in your app.UseCookieAuthentication setup?
This would ensure the session is kept alive as the user is browsing around (requests are being made) but will kill the session in a short period if they are not.
I am facing trouble with two adapter-based authentications. My app is an agenda (hybrid app). All the adapters' functions must be protected by security.
My app uses adapter-based authentication, as written in the samples on developerWorks.
My first adapter (loginAdapter) is dedicated to login (beginning of the mobile app). I developed a handler (handlerLogin, mobile side) with methods isCustomResponse, handlechallenge, etc. This adapter works.
This adapter allows to get a userId from login and password.
As soon as he is connected, the user can download his agenda. The mobile app calls another adapter-based auth (calendarAdapter). I have another handler (handlerCalendar) with methods (isCustomResponse, handlechallenge).
When the mobile app calls the method getCalendarData (protected method, CalendarAdapter), the server detects that the user is not registered for this adapter, which is why the server sends an error (structure authrequired + errorMessage) via the function onAuthRequired.
At this step, all works fine.
Actually, the trouble comes from the fact that the first handler (handlerLogin) catches this error, whereas it should be the second handler (handlerCalendar).
Given that it is caught by handlerLogin, isCustomResponse and handlechallenge are called, and I do not get the expected result! I do not know why.
Why is it not caught by handlerCalendar?
I verified my code, variable names, files, etc. Everything is OK.
For information, I declared handlerLogin before the CalendarLogin.
Do you have any ideas or suggestions?
Thank you in advance
It looks like you used the same realm.
The isCustomResponse function's job is to find out if this challenge handler should take care of this specific request. If you use the same realm for both adapters, then the two challenge handlers will react to it.
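A simplified model of the collision this answer describes, added here as an example that is not code from the original posts or from IBM. The `claimants` helper, the `realm` payload field and the realm names `LoginRealm` and `CalendarRealm` are assumptions made for illustration; only `isCustomResponse`, `authRequired` and `errorMessage` come from the thread.

```javascript
// Simplified model of client-side challenge dispatch (an assumption for
// illustration, not MobileFirst's implementation): every registered handler
// is asked, in registration order, whether the response is its challenge.
function claimants(handlers, response) {
  return handlers.filter((h) => h.isCustomResponse(response)).map((h) => h.name);
}

// Ambiguous check: claims any response that carries authRequired.
function looseHandler(name) {
  return {
    name,
    isCustomResponse(response) {
      const json = response && response.responseJSON;
      return Boolean(json) && typeof json.authRequired !== 'undefined';
    },
  };
}

// Realm-scoped check. The `realm` payload field is hypothetical: each
// adapter's onAuthRequired would have to add it to the object it returns.
function realmHandler(name, realm) {
  return {
    name,
    isCustomResponse(response) {
      const json = response && response.responseJSON;
      return Boolean(json) && json.authRequired === true && json.realm === realm;
    },
  };
}

// Constructed sample of the error calendarAdapter sends for getCalendarData.
const calendarChallenge = {
  responseJSON: { authRequired: true, errorMessage: 'Login required', realm: 'CalendarRealm' },
};

function demo() {
  const loose = [looseHandler('handlerLogin'), looseHandler('handlerCalendar')];
  const scoped = [
    realmHandler('handlerLogin', 'LoginRealm'),
    realmHandler('handlerCalendar', 'CalendarRealm'),
  ];
  return {
    loose: claimants(loose, calendarChallenge),   // both handlers claim it
    scoped: claimants(scoped, calendarChallenge), // only handlerCalendar
  };
}

console.log(demo());
```

With the ambiguous check, the first-declared handler (handlerLogin) is first in line for a challenge meant for handlerCalendar, which matches the symptom in the question.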
I would like to have my QBchat automatically logged back in if it is disconnected. When I attempt to send a message and I am logged out, is there a callback function that I can implement to test if I am logged out? Also, if I am correct, we must have a session established with QB, then we log into our QBUUSER, then we must log into our QBChat to send messages? How can I reconnect all of these pieces if I lose connection?
In case of logout this method will be called
- (void)chatDidFailWithError:(int)code;
where code will be 0
ChatDidFailWithError is a QBChat delegate method and checks for an active chat instance. If the chat has indeed failed, auto-login with the user credentials saved in the DataManager singleton (an example of which is in the QuickBlox framework's documentation).
    - (void)chatDidFailWithError:(NSInteger)code {
        // recall user credentials from singleton class DataManager
        [[QBChat instance] loginWithUser:[DataManager shared].currentUser];
    }
I'm trying to implement an extra authentication layer with the purpose of authenticating the user only if he has a certain status.
If the status is different, I want to show a custom login error (Your account has been suspended) and not authenticate the user at all, similar to what happens if the credentials are wrong, but with a different error message.
So far I've tried two options:
1) I've added a check within a listener that checks for an "InteractiveLoginEvent". Here I can check the user status and set a flash error message, but I don't see what's the proper way to redirect back to the login page, since this event has no response method, other than using a header() call, which I definitely want to avoid.
2) I implemented a custom voter, set the "access_decision_manager" strategy to "unanimous" and returned "ACCESS_DENIED" if the status is not allowing the user to authenticate. So far so good, the user cannot access the resources, but I see he still gets authenticated. And I definitely don't want that.
I'm not sure if I'm missing something or if I'm going in the wrong direction.
Since Symfony 2 makes a clear difference between authentication and authorization, it seems that option 2) is related to authorization, so option 1) is more suitable.
So in the "InteractiveLoginEvent" listener I just added the proper check for the user status, and by throwing the following exception I managed to implement my functionality as needed:
    throw new AuthenticationException('suspend error message');
So the listener looks something like this:
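    // At the top of the listener's file:
    use Symfony\Component\Security\Core\Exception\AuthenticationException;
    use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;

    public function onSecurityInteractiveLogin(InteractiveLoginEvent $event)
    {
        if ($this->securityContext->isGranted('ROLE_CUSTOMROLE')) {
            $user = $this->securityContext->getToken()->getUser();
            // ... check for the user status here
            throw new AuthenticationException('Your account has been suspended!');
        }
    }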
I am implementing in-app purchase on iOS, where my server will provide access to certain content when the user purchases an item. I have everything working, including having the server able to verify the receipt from the purchase before providing access to the content.
However, if for some reason the app is not able to register the transaction with my server (due to a server outage, for example), I'd like to cancel the transaction so that the user isn't charged by iTunes. Is this possible?
To explain in further detail, the app contacts my server from within the paymentQueue:updatedTransactions function after the user clicks "buy." Currently, I call:
    [_myQueue finishTransaction:transaction];
after contacting my server. However, if there was an error in contacting the server, is there a function I can call to cancel the transaction instead of finishing it?
I see from here that some people just don't call finishTransaction, so that the transaction gets restored the next time the user starts the app and the transaction observer is added (so the app can try to contact the server again). However, this is less than ideal because the user won't have access to the content until they restart the app and the server is available again, and yet the user will have already paid.
Thanks!
I think the only elegant way to achieve this is to have your server implement an availability check and call it as the last thing before you actually make the purchase. Once the user has confirmed the purchase via the UIAlertView that is presented to him, the purchase is made and you must do all that you can so that he gets his money's worth.
Since there is not a method to manually cancel a transaction, this is how I handle it: I do not mark the transaction finished, then I have the option of later manually calling the paymentQueue:updatedTransactions: like so:
    if (SKPaymentQueue.defaultQueue.transactions.count > 0) {
        // show a loading box to user
        // ...
        // now manually call the observer method
        [self paymentQueue:SKPaymentQueue.defaultQueue updatedTransactions:SKPaymentQueue.defaultQueue.transactions];
    }
If my server call fails, then I present a UIAlertView with the option to Retry or Cancel. Retry calls the code above.
That way you do not have to wait until the app restarts, however if it does, that's ok too.