If a user is inactive, then the user would be logged out due to session time out, but how do I track session or activity of a user in Unity3D?
That is, if a user is active in Unity web player by clicking on the objects or doing some kind of action, then the session should be kept active and the user should not be logged out. If the user is inactive and nothing happens in the web player, then the user should be logged out.
I'm not asking how to implement session time out... I'm asking how to track user activity in unit web player in ASP .NET MVC web app, so as to keep unity web player active when necessary.
Hope this makes sense. Like what kind of request should be sent from server to unity to know if unity is active or not.
There's this:
http://docs.unity3d.com/Documentation/Manual/UnityWebPlayerandbrowsercommunication.html?
I know how to set it up but I'm not sure what kind of requests should I be firing or checking for...
It seems your game requires clicking. You can simply take the time from one click to another via OnMouseDown() and check if it is greater than a time. You could also check last mouse position with current mouse position.
The best way is you make a set of all the possible keys that can be used. Then make a smaller subset that represents the whole set and test for use on those.
Are there some good resources tutorials or anyone has tried to implement a Capcha on devise when user enters x wrong passwords?
The idea is that the capcha shows up on to many requests to prevent bots or other bad guys out and limit the number of requests on the devise signing page.
I can think of doing that in two ways:
The first one is based on failed_attempts attribute (so you should increment it after each unsuccesful login). To use it on Devise, you may create your own FailureApp overriding the respond method to update to do an increment on the failed_attempt attribute on the user. When the user reaches the captcha limit, you may set a the flash attribute to signalize about this and thus, you decide on your controller about the captcha. But there is a problem with this way: as it logs for users, it won't work for an user trying different logins.
The second one is based on the IP: for each unsuccessful login, you keep record of IPs and unsuccessful attempts and when an IP reaches a limit you set the already mentioned flash attribute to signalize that the request number from that IP have already reached the limit and you can show the captcha. You can use ActiveRecord and a relational database or even something lightweight like Redis to do that. You may also think about ways to remove old data from this database.
Half or more of our users fall within a specific demographic that consists of expats. Quite a few of them are couples that share the same machine but have separate accounts. For the sake of data integrity I want to close an existing session on a machine if another log in is attempted with the second user's account. Anyone know how to do this?
Thanks!
UPDATE: Not quite sure how i could use this info yet. Not sure of the syntax either. What object? Can you access it if you don't know whether it exists?
(Object) resource
Gets the actual resource stored in the instance variable
(Object) signed_in_resource
Returns a signed in resource from session (if one exists)
UPDATE2: Getting closer... i think. Perhaps the session cookie is the key. Wondering how i delete it at the end of a session. If one exists, if i delete it, then that kills the existing session and then the login can then begin the new one. Work on this when i get back from my lunch appt.
The answer was so easy. Deleting the cookie terminates the session.
if cookies[:_Applicationname_session]
cookies.delete(:_Applicationname_session)
end
'Applicationname' is whatever the application name is. It is found, among other places, in your application.rb file. e.g.:
module Applicationname
class Application < Rails::Application
IMPORTANT: Don't forget the underscore that preceeds Applicationname.
I heard in an old stackoverflow podcast that they minimized the use of sessions, and that they basically only needed it when posting. How can that be? Don't they need to use some form of sessions on every page view if nothing more than to tell that I'm logged in? How else do they show your username instead of the "Log In" prompt at the top of the screen?
When this type of thing becomes important is when you're persisting your sessions in a database. Now each time you touch your session store, you touch your database. So it would be great if you could avoid it.
You could store all your state in a cookie, but if you care at all about security, then you'll probably want to control state on your server instead.
I don't know about the podcast you're referring to, but I'm not really sure they were saying what you thought they were saying...
Session data doesn't necessarily have to be written to DB everytime it's touched. You could easily have a cached (using memcached or something similar) intermediary. You could then write the session data to DB every X amount of requests/minutes/writes/whatever.
I am currently building an internal web application used in a factory/warehouse type location. The users will be sharing a single PC between several people, so we need to have a fairly short session timeout to stop people wandering off and leaving the application logged in where someone else can come to the PC and do something under the previous user's username.
The problem with this is a session can timeout while a user is currently entering information into a form, especially if they take a long time.
How would you deal with this in a user friendly manner?
Keep the server informed about the fact that the user is actively entering information.
For instance send a message to the server if the user presses the TAB key or clicks with a mouse on a field.
The final solution is up to you.
Use AJAX to regularly stash the contents of the partially filled-out form so they have not lost their work if they get booted by the system. Heck, once you're doing that, use AJAX to keep their session from timing out if they spend the time typing.
The best advice would probably be to ask the users to close the browser window once they're done. With the use of session-cookies, the session will automatically end when the browser is closed or otherwise on a 30 minute timeout (can be changed afaik).
Since there by default is no interaction between the browser and the server once a page is loaded, you would have to have a javascript contact the server in the background on forms-pages to refresh the session, but it seems a bit too much trouble for such a minor problem.
If the session timeout is so short that the user doesn't have the time to fill in a form, I would put an AJAX script that makes a http request to the server, every few minutes, to keep the session alive. I would do that only on pages that the user has to fill in something or has already started filling something.
Another solution would be to use a session timeout reminder script that popups a dialog to remind the user that the session is about to time out. The popup should display a "Logout" and a "Continue using application" that makes a ajax request to update the session time out.
Maybe that a keep-alive javascript process could be helpfull in this case. If the script capture some key triggers, it send a "I'm still typing" message to the server to keep the session alive.
have you considered breaking the form into smaller chunks?
Monitor the timeout and post a pop-up to notify the user that their current session will expire and present "OK" or "Cancel" buttons. OK to keep the session going (i.e. reset the counter to another 5 minutes or 10 minutes - whatever you need) -or- Cancel to allow the session to continue to countdown to zero and thus, ending.
That's one of lots of ways to handle it.
Using a JavaScript "thread" to keep the session open is, to me, a bad idea.
It's against the idea of session timeout which exists to free some resources if there's no user in front of the application.
I think you should adjust the session timeout with the more accurate time, in order to fill the form in an "typical normal use".
You may also be proactive by :
having a JavaScript alert displaying a non-intrusive warning (not a popup) to the user before the timeout expire, which say that the session will expire soon (and give an link to send an ajax request to reset the timeout and remove that warning - that will avoid the user to lost the form he is currently typing),
and also have a second JavaScript "thread", which, if the session has expired, redirect to the login page with a message saying that the session has now expired.
It think that's the best because it avoid the user to fill a complicated form for nothing, and handle the case when the user has gone away.
As an alternative for the technical solutions, you could make your application in such a way that everytime a particular job is done, for example filling in a form, you ask the user if he wants to continue doing another job or if he's done. Yould could have a startscreen with menu options and if the user chooses an option he first has to enter his credentials.
Or put a password field on the form. Depends on how many forms they have to fill in a session.
When the user posts the form and their session has timed out, you should make sure you save the form values somewhere and then ask the user to login again. Once they have re-authenticated you they can then re-submit the form (as none of their data will have been lost).
I had developed something requiring very long session. The user logged in on a page when he sit on the machine and after doing his work, logged out. Now he may use system for few minutes or for hours. To keep session alive till he logged out, I used timer with javascript, it went to server and updated an anthem label with current time on server.