In my Laravel application, after a user is logged for the first time after registration using
loginUsingId()
the user gets authenticated (logged in). But after a few hours (maybe 2-3 hours. I'm not sure), after the session has expired or the user has logged out, it can't log in back again using:
Auth::attempt()
But it happens for a reason that I don't know. Why is this happening? Please share your expertise on this.
Most probably, you are not storing the registration data perfectly in the DB.
Is the password hashed perfectly?)
Or cipher proble. Help here.
Or rememberToken methods are not set up perfectly. Help Here.
Related
I am working on web application in MVC4-asp.net.For login I am using Simple membership Provider method to login.All is working properly but according to project requirement there will be no same user can not login at the same time on different machine.how to make changes in MVC simple membership.if any user is logged in and any one try to login at the same time using same username then it will be display message like "This user is already Logged In" and user will be not able to log in at that time.
Please give some suggestion on that.
Thanks in advance.
You Can do it by many ways, simple approach is
Set one flag at the time of login into database.
Check flag every time when you are sign in.
Remove flag at time of logout.
There are some issues in using this approach like what if user is close browser without logged out, for that you can set session time out.Hope this will help.
I'm horrible at security so I was curious if you guys had any ideas. I recently wrote an application in Python that I will be selling to select people. The information on the application is private (not incredibly so, I just need a minimal solution). How could I have a user login to the application (from a MySQL database), then have the program check is someone is logged in already under those credentials. Here is a basic flow:
User opens the EXE (cx_freezed python file)
Program asks user for their login (from a MySQL database)
Program checks if someone is already logged in using that info
If someone is logged in, don't let them log in. If someone isn't, log them in.
I have absolutely no idea where to start with this, any suggestions/directions to point me?
Don't be a Dave and roll your own security system. Use an existing one if you can
This shouldn't have anything to do with your database. If you happen to persist session info to the db, that's fine, but your session-management should be in-memory
Basically you should have a list of authenticated users in memory somewhere in application state. if authenticatedSessions.get($username) != null then deny
Concurrent Session Control is a PITA for users. Example: You login just before leaving work, then get in your car, try to login from your mobile, and now you can't. Consider allowing 2 concurrent sessions, or keep the timeout short
Spring Security (Java) has this feature. It's open source so you could "gain inspiration" it: http://docs.spring.io/autorepo/docs/spring-security/current/reference/htmlsingle/#ns-concurrent-sessions
I am making an app where I need to have the user log in into their spotify account.
I would like to know how can I know if the user is already logged in or not into Spotify?
What I am trying to do in my application is ask to log in only if I have never logged in before and take the user through the authentication process.
If I have logged in before I want to skip the part where I ask the user to log in. This would have to work also if the user has logged in, left the app for some time and came back to it, I don't want to have to require a re-login by the user. How can I get that status from Spotify ?
I appreciate any guidance with this, thank you.
Since it's very likely that the access token has expired by the time you want to use it again, you would need to use the Authorization Code flow, storing the access token and refresh token of the user.
You can try making a request to an endpoint like Get Current User's Profile passing your current access token.
Should it fails, try refreshing it. If you get an access token back, then you know the user is logged in and you have a valid token you can use. Otherwise, consider the user is not logged in.
Where to store the refresh_token and access_token is up to you. You could do it in localStorage, or even better, in a database.
I am planning to develop something small in windows 8 using HTML/JavaScript project type. I have very basic question. How will i manage the session that who is logged in and what they are doing? This looks kind of absurd question so i will try to give some details of what i have in mind.
User opens the app and gets login page.
User enters username/password.
App calls WCF service or WebAPI and validates the user.
After the third step, user information has to be kept somewhere because i have to know every time who is the logged-in user so that i can check on every operation that what rights the user has and is he authorized to execute particular operation or not.
Since everything here is HTML/JS, i dont know where should i keep the user login information?
Can someone please throw some light as what am i missing here?
Use PasswordVault API to store the password or other secret
http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.credentials.passwordvault.aspx
Then you can send your auth token with the subsequent request.
Is this what you are asking? Or, I misunderstood it?
Well, since I am facing some issues with OAuth implementation, I decided to go back to normal method where users will input their login id and password and I will use them in my code to validate their google account to fetch calendar information. So when user enters login id and password, the page is getting stuck. When I check the code, setUserCredentials is the method where it is getting stuck. But when I enter my login id and password and debug on development site, it works fine. There is no problem when I debug. And importantly , the problem appears for first time only, once I debug the code and next time I try it without breakpoint, it works fine.
Does anyone know why setUserCredentials takes time or any way I can track why it is taking so time?
I have asked the same question on Google data api forum, but nobody answered it.
I reverted back to old Google Data API version from 1.41 to 1.40 and it worked.
What issues are you facing with the OAuth implementation? Using client login can potentially cause accounts to be flagged as hijacked.