Right, so I can't find any questions similar to my issue or any possible fixes for my issue.
Basically, I have a Blazor App (Server-Side) which makes use of Individual Account Authentication with use of Roles.
A section of the App, is a listing of currently Logged-In users (Using Signal R, to check for Users currently Logged-In by using a simple List of Users and their last "pinged" datetime.)
A ping happens every 10 seconds to query all connected users, and return their user.Identity.Name along with the DateTime at the moment of ping. Then the DateTime is compared in the list and if any of the Users last pinged time vs latest pinged time is greater than 15 seconds, we assume they are no longer logged in, or have the Tab open and remove them from the list. This all works well enough since we ping every 10 seconds, and have a 15 sec window before marking as logged out/offline.
The problem however, is the AuthenticationStateTask seemingly retains a users Identity even when Logging out?
Eg. I log in as User1 > pings happen as expected. I log-out. Pings still happen... it still hits the AuthenticationStateTask and still picks up a User identity somehow (And still shows as Authenticated). I then log in as User2, and start getting returns for both User1 and User2.
As extension to this problem, even closing the browser window after logging out doesn't actually stop pings from happening... only when completely closing the browser will the pings stop.
If anyone has any clue as to why this is happening, please let me know. Even if I'm being silly, and the problem is obvious tell me where I messed up. If more information is needed let me know, and I'll update.
Much thanks!
the last couple of days I implemented the autodiscovery/auth flow for UCWA against Skype for Business Online and AzureAD. When I'm done and having the URL to the application directory (+ the OAuth2 Credentials) I save those into our internal system. So later on I want to create online meetings with this data. The URL to the applications directory looks like this: https:\/\/webpoolam42e10.infra.lync.com\/ucwa\/oauth\/v1\/applications\/101331226048\/onlineMeetings\/myOnlineMeetings
If I do this within the first minutes of retrieving the data it works just fine. But later on it seems, that the application directory is gone. I'm getting this response:
body":"{\"code\":\"NotFound\",\"
subcode\":\"ApplicationNotFound\",\"message\":\"An error occurred. Please retry. If the problem persists, contact your support team.\"}
Status Code is 404.
Later on I even tend to get 401 errors that mean unauthorized.
I suspect the application server going away and only being temporarily available. I got a refresh token and a valid access token, so this wont be a problem. I've got no clue what is going on there and wasnt able to find help in the docs. So maybe one of you got any advice - I'd be really thankful!
Side-Info:
I'm doing all this in PHP and I only have user-interaction at the initial authentication. I save the refresh token and all other things I need, so that my server-side application can use the authorization in long term.
Reporting here part of my reply to another question:
Keeping a UCWA App always online:
If you need to achieve that, you need to understand and implement correctly the concepts explained here me Dashboard, especially at Reporting activity section:
call reportMyActivity every 4 minutes max.
maintain an active P-GET with the Events Channel
handle possible timeouts on the Events Channel
handle possible DELETE events (on the Events Channel) the server can send for the application, for which you'll have to regenerate your app Application dashboard
reporting app's activity, and keeping a valid open P-GET with Events Channel are both very important!
I am working on web application in MVC4-asp.net.For login I am using Simple membership Provider method to login.All is working properly but according to project requirement there will be no same user can not login at the same time on different machine.how to make changes in MVC simple membership.if any user is logged in and any one try to login at the same time using same username then it will be display message like "This user is already Logged In" and user will be not able to log in at that time.
Please give some suggestion on that.
Thanks in advance.
You Can do it by many ways, simple approach is
Set one flag at the time of login into database.
Check flag every time when you are sign in.
Remove flag at time of logout.
There are some issues in using this approach like what if user is close browser without logged out, for that you can set session time out.Hope this will help.
If a user is inactive, then the user would be logged out due to session time out, but how do I track session or activity of a user in Unity3D?
That is, if a user is active in Unity web player by clicking on the objects or doing some kind of action, then the session should be kept active and the user should not be logged out. If the user is inactive and nothing happens in the web player, then the user should be logged out.
I'm not asking how to implement session time out... I'm asking how to track user activity in unit web player in ASP .NET MVC web app, so as to keep unity web player active when necessary.
Hope this makes sense. Like what kind of request should be sent from server to unity to know if unity is active or not.
There's this:
http://docs.unity3d.com/Documentation/Manual/UnityWebPlayerandbrowsercommunication.html?
I know how to set it up but I'm not sure what kind of requests should I be firing or checking for...
It seems your game requires clicking. You can simply take the time from one click to another via OnMouseDown() and check if it is greater than a time. You could also check last mouse position with current mouse position.
The best way is you make a set of all the possible keys that can be used. Then make a smaller subset that represents the whole set and test for use on those.
I am currently building an internal web application used in a factory/warehouse type location. The users will be sharing a single PC between several people, so we need to have a fairly short session timeout to stop people wandering off and leaving the application logged in where someone else can come to the PC and do something under the previous user's username.
The problem with this is a session can timeout while a user is currently entering information into a form, especially if they take a long time.
How would you deal with this in a user friendly manner?
Keep the server informed about the fact that the user is actively entering information.
For instance send a message to the server if the user presses the TAB key or clicks with a mouse on a field.
The final solution is up to you.
Use AJAX to regularly stash the contents of the partially filled-out form so they have not lost their work if they get booted by the system. Heck, once you're doing that, use AJAX to keep their session from timing out if they spend the time typing.
The best advice would probably be to ask the users to close the browser window once they're done. With the use of session-cookies, the session will automatically end when the browser is closed or otherwise on a 30 minute timeout (can be changed afaik).
Since there by default is no interaction between the browser and the server once a page is loaded, you would have to have a javascript contact the server in the background on forms-pages to refresh the session, but it seems a bit too much trouble for such a minor problem.
If the session timeout is so short that the user doesn't have the time to fill in a form, I would put an AJAX script that makes a http request to the server, every few minutes, to keep the session alive. I would do that only on pages that the user has to fill in something or has already started filling something.
Another solution would be to use a session timeout reminder script that popups a dialog to remind the user that the session is about to time out. The popup should display a "Logout" and a "Continue using application" that makes a ajax request to update the session time out.
Maybe that a keep-alive javascript process could be helpfull in this case. If the script capture some key triggers, it send a "I'm still typing" message to the server to keep the session alive.
have you considered breaking the form into smaller chunks?
Monitor the timeout and post a pop-up to notify the user that their current session will expire and present "OK" or "Cancel" buttons. OK to keep the session going (i.e. reset the counter to another 5 minutes or 10 minutes - whatever you need) -or- Cancel to allow the session to continue to countdown to zero and thus, ending.
That's one of lots of ways to handle it.
Using a JavaScript "thread" to keep the session open is, to me, a bad idea.
It's against the idea of session timeout which exists to free some resources if there's no user in front of the application.
I think you should adjust the session timeout with the more accurate time, in order to fill the form in an "typical normal use".
You may also be proactive by :
having a JavaScript alert displaying a non-intrusive warning (not a popup) to the user before the timeout expire, which say that the session will expire soon (and give an link to send an ajax request to reset the timeout and remove that warning - that will avoid the user to lost the form he is currently typing),
and also have a second JavaScript "thread", which, if the session has expired, redirect to the login page with a message saying that the session has now expired.
It think that's the best because it avoid the user to fill a complicated form for nothing, and handle the case when the user has gone away.
As an alternative for the technical solutions, you could make your application in such a way that everytime a particular job is done, for example filling in a form, you ask the user if he wants to continue doing another job or if he's done. Yould could have a startscreen with menu options and if the user chooses an option he first has to enter his credentials.
Or put a password field on the form. Depends on how many forms they have to fill in a session.
When the user posts the form and their session has timed out, you should make sure you save the form values somewhere and then ask the user to login again. Once they have re-authenticated you they can then re-submit the form (as none of their data will have been lost).
I had developed something requiring very long session. The user logged in on a page when he sit on the machine and after doing his work, logged out. Now he may use system for few minutes or for hours. To keep session alive till he logged out, I used timer with javascript, it went to server and updated an anthem label with current time on server.