I have a mobile XPages application which uses the single page application control (xe:singlePageApp) of the XPages extension library. The application also uses a workflow engine which sends out emails with links to documents to users so they can approve requests.
The link URL is composed like
http://hostname/app.nsf/m_page.xsp?action=openDocument&documentId=2A2A#requestForm
where requestForm is the name of the appPage containing the form to display a single request document.
If the user is already logged in, the browser opens and displays the document as intended.
However, if the user is not already logged in, the Domino login form is displayed (session based authentication). When the user then logs in, the same XPage is opened, but to the default page (selectedPageName attribute of the singlePageApp) instead of the appPage with the pageName requestForm. The reason for this behavior is that after submitting the login form the anchor part (#requestForm) is no longer present in the URL the browser is redirected to because the #requestForm-part is never sent to the server where the redirect URL is computed in the first place.
Possible solutions I can think of are
put the intended pageName in a real URL parameter (like documentId), parse the URL and modify the browser location (from ...&documentId=2A2A&pageName=requestForm to ...&documentId=2A2A#requestForm)
check the URL for the existence of the documentId parameter and modify the browser location (add #requestForm) if it is present
modify the Domino login form as per Jake Howlett's Suggestion (which is a not always permitted)
I was wondering now if there are more elegant solutions to this.
I would take the first option in your case. But instead of handling the url change at the client-side, I would handle this on the server-side. Otherwise, client will load the initial page once and submit an additional request to the server.
On the beforePageLoad event:
var url:XSPUrl=context.getUrl();
if(url.hasParameter("pageName")) {
var pageName=url.getParameter("pageName");
url.removeParameter("pageName");
facesContext.getExternalContext().redirect(url.toString()+"#"+pageName)
}
This will do the redirection before loading the page.
Related
Let us say the user is on the Settings page but goes away from the keyboard for a while.
Technically the user is not authenticated but is able to "surf" his/her settings page until the user hits a page where some new data from the server is requested.
Currently, I just catch the "Unauthenticated" response and reload the page so the user gets to /login.
I'm using Laravel, but the setting page is based on Vue + Vue router. The setting is thus a single page but acts as it has many.
So how do you handle this kind of situation? Are you checking the authentication status like every 1 minute?
I have three page which are login.asp , check.asp and admin.asp . I want to block user to access page just typing url like www.xxxxxxx.xxx/admin.asp .How ı can do that ? is there a way to check redirected page.? ı want just check.asp page can redirect to admin.asp page
I know session solution but ı want to use another one
Essentially you need to set some kind of authentication token which identifies that the user has been authenticated. This is often done with either a cookie or a session value. Then, on any page which requires authentication, you check for the existence of this token.
If the token (which can be as simple as a boolean IsAuthenticated value or an integer UserID value, or as complex as a complete User object with everything you need to know about that person, their roles, etc.) is valid, render the page. If it is not valid, redirect or display a message of some kind.
IF Request.ServerVariables("HTTP_REFERER")="" THEN
Response.write("Not accessable")
response.end
END IF
' Put this code on top of page , Request.ServerVariables("HTTP_REFERER") which gives URL of previous page. so if any one directly paste URL in browser it will be blank , so we can track by this way.
A user logs into my application in a tab in a browser
They get an email and click a link which opens a new tab in the same browser and logs them in under a different email say.
If they go back to the first tab they are no longer the same user and I want the page to automatically detect this and then reload or redirect them if they are unauthorized to view the page.
Anyway to do this?
Or, if you really want to know when user is switched the tab, try this library:
visibility.js
As stated by #Hck:
add javascript code to reload page periodically (for example once per 30 seconds) – Hck
JavaScript is pretty much the only way to make pages do stuff after they're loaded. Note that in pretty much any user authentication system, a given browser will only be logged in as one user at a time, so as soon as the second tab opens, that browser will be acting as the second user - they can still see the current content of the first tab, but links (for instance) will no longer work unless the second user was also authorized to use them.
There are some JQuery plugins that do this sort of thing, like PeriodicalUpdater, or you can write your own (an example).
I have an FB application that uses the anchor (document.location.hash) to set tags on different elements (for example the current TAB#, the group# that is displayed...).
So whenever the user changes these elemets, I change the anchor (location.hash) and it adds #tag=...
to the URL in the address-bar (and when the user copy the link and sends it to another user) he is redirected to the specific view (on the same page).
It works well when the app is a standalone site.
But when I put it under FB application (apps.facebook.com/myapp) - it does not change the URL in the address-bar (but when I read the document.location.has I see the change). I think maybe it is because my app is inside an IFRAME.
If it cannot be fixed, maybe there is a Facebook API that changes the hash part in the URL!!!
This is not possible to change the parts of location object of parent frame if it's served from different domain... You can only change the whole location by setting it to new value:
window.top.location = 'http://example.com';
Actually document.location always refers to current document, while window.location refers to top level document and represent the URL that user see in address bar of the browser.
So generally you changed the hash for current document and if it's opened as standalone site user sees that in address bar, but once running in frame (application canvas) user doesn't see the URL of that page, but parent frame which located on other domain and subject of cross-domain policy.
I want my web application to contain only one session created at login. But my server is creating a separate session for every request to a jsp page. How can I configure to have only one session in my application?
If either a sessionId is supplied with every link the user clicks is submitted
or
cookies are used
the server can associate the request with a particular user. Otherwise a new session will be created.
EDIT:
for adding links to your URLs in case you dont have cookies ... there are some ways to do this. Either set the sessionId manually
link
or use the struts-taglibs to that for you https://struts.apache.org/1.2.x/userGuide/struts-html.html#link
Renders an HTML element as an anchor definition (if "linkName" is specified) or as a hyperlink to the specified URL. URL rewriting will be applied automatically, to maintain session state in the absence of cookies. The content displayed for this hyperlink will be taken from the body of this tag.
The taglib then rewrites the link for you. It should look like this (not tested):
<html:link page="/linkoutput.jsp">Link</html:link>