I want my web application to contain only one session created at login. But my server is creating a separate session for every request to a jsp page. How can I configure to have only one session in my application?
If either a sessionId is supplied with every link the user clicks is submitted
or
cookies are used
the server can associate the request with a particular user. Otherwise a new session will be created.
EDIT:
for adding links to your URLs in case you dont have cookies ... there are some ways to do this. Either set the sessionId manually
link
or use the struts-taglibs to that for you https://struts.apache.org/1.2.x/userGuide/struts-html.html#link
Renders an HTML element as an anchor definition (if "linkName" is specified) or as a hyperlink to the specified URL. URL rewriting will be applied automatically, to maintain session state in the absence of cookies. The content displayed for this hyperlink will be taken from the body of this tag.
The taglib then rewrites the link for you. It should look like this (not tested):
<html:link page="/linkoutput.jsp">Link</html:link>
Related
I have a mobile XPages application which uses the single page application control (xe:singlePageApp) of the XPages extension library. The application also uses a workflow engine which sends out emails with links to documents to users so they can approve requests.
The link URL is composed like
http://hostname/app.nsf/m_page.xsp?action=openDocument&documentId=2A2A#requestForm
where requestForm is the name of the appPage containing the form to display a single request document.
If the user is already logged in, the browser opens and displays the document as intended.
However, if the user is not already logged in, the Domino login form is displayed (session based authentication). When the user then logs in, the same XPage is opened, but to the default page (selectedPageName attribute of the singlePageApp) instead of the appPage with the pageName requestForm. The reason for this behavior is that after submitting the login form the anchor part (#requestForm) is no longer present in the URL the browser is redirected to because the #requestForm-part is never sent to the server where the redirect URL is computed in the first place.
Possible solutions I can think of are
put the intended pageName in a real URL parameter (like documentId), parse the URL and modify the browser location (from ...&documentId=2A2A&pageName=requestForm to ...&documentId=2A2A#requestForm)
check the URL for the existence of the documentId parameter and modify the browser location (add #requestForm) if it is present
modify the Domino login form as per Jake Howlett's Suggestion (which is a not always permitted)
I was wondering now if there are more elegant solutions to this.
I would take the first option in your case. But instead of handling the url change at the client-side, I would handle this on the server-side. Otherwise, client will load the initial page once and submit an additional request to the server.
On the beforePageLoad event:
var url:XSPUrl=context.getUrl();
if(url.hasParameter("pageName")) {
var pageName=url.getParameter("pageName");
url.removeParameter("pageName");
facesContext.getExternalContext().redirect(url.toString()+"#"+pageName)
}
This will do the redirection before loading the page.
I created a custom action and object.
The only problem I have is when publishing to FB, clicking on the icon or on the title redirect the user to a blank page instead of my application.
Where can I set the redirect link?
The only url I see is the one in the opengrap html but this one is suppose to be the adress of the og wright? (
This link might help.
Basically, when the opengraph action is executed by your app, it sets the url that represents the object (which provides all the metadata for the object) and is also the URL that a user is sent to when they click the action in facebook.
E.g. https://graph.facebook.com/me/[YOUR_APP_NAMESPACE]:cook
?recipe=OBJECT_URL&access_token=ACCESS_TOKEN
In this case, the cook action is being called, with a recipe object with the given OBJECT_URL. At that url, a page should exists (generated by you), with all the facebook metadata in the head tag so that the object can be correctly created, but also with actual web page data for the user to view.
Another link worth looking at for a working example is here
I have three page which are login.asp , check.asp and admin.asp . I want to block user to access page just typing url like www.xxxxxxx.xxx/admin.asp .How ı can do that ? is there a way to check redirected page.? ı want just check.asp page can redirect to admin.asp page
I know session solution but ı want to use another one
Essentially you need to set some kind of authentication token which identifies that the user has been authenticated. This is often done with either a cookie or a session value. Then, on any page which requires authentication, you check for the existence of this token.
If the token (which can be as simple as a boolean IsAuthenticated value or an integer UserID value, or as complex as a complete User object with everything you need to know about that person, their roles, etc.) is valid, render the page. If it is not valid, redirect or display a message of some kind.
IF Request.ServerVariables("HTTP_REFERER")="" THEN
Response.write("Not accessable")
response.end
END IF
' Put this code on top of page , Request.ServerVariables("HTTP_REFERER") which gives URL of previous page. so if any one directly paste URL in browser it will be blank , so we can track by this way.
I have an FB application that uses the anchor (document.location.hash) to set tags on different elements (for example the current TAB#, the group# that is displayed...).
So whenever the user changes these elemets, I change the anchor (location.hash) and it adds #tag=...
to the URL in the address-bar (and when the user copy the link and sends it to another user) he is redirected to the specific view (on the same page).
It works well when the app is a standalone site.
But when I put it under FB application (apps.facebook.com/myapp) - it does not change the URL in the address-bar (but when I read the document.location.has I see the change). I think maybe it is because my app is inside an IFRAME.
If it cannot be fixed, maybe there is a Facebook API that changes the hash part in the URL!!!
This is not possible to change the parts of location object of parent frame if it's served from different domain... You can only change the whole location by setting it to new value:
window.top.location = 'http://example.com';
Actually document.location always refers to current document, while window.location refers to top level document and represent the URL that user see in address bar of the browser.
So generally you changed the hash for current document and if it's opened as standalone site user sees that in address bar, but once running in frame (application canvas) user doesn't see the URL of that page, but parent frame which located on other domain and subject of cross-domain policy.
Any one know how to go back to the "last page" after a user is presented the login screen and chooses to create a new account?
Basically the sequence is this:
User tries to get to protected content
Redirected to login page
If he logs in he is redirected to original page
If he chooses "create new account" and fills it out, he is redirected to the home page
How do we get him automatically redirected to the original page (not a static page).
There are several ways to go about this. The most straight-forward is to have a login link somewhere in the navigation that appends the destination to the url. The code for this is something like:
<?php
if (user_is_anonymous()) {
$link = l(t('Login'), 'user/login', array('query' => drupal_get_destination()));
}
?>
You can also set a custom access denied page at admin/settings/error-reporting that could either go to a callback that outputs the above code, or to a simple php node that outputs that code.
Additionally, the user login block provided with Drupal core uses the same method to redirect a successful login back to the originating page.
Edit: Note that the above methods will rarely work for registration, because there are more steps involved there. Specifically, when a user needs to verify an email address, passing the originating destination along via the email would involve modifying the core user registration process.
It will potentially still work on a site configured to not verify email addresses. The idea then would be to provide 2 links: 1 for login and the other for registration, both passing along destination information.
LoginToboggan may also be worth pursuing, although it doesn't yet offer the exact registration feature you're looking for.
straight php would be to include a header of this form:
<?php header("Location: " . $_SERVER['HTTP_REFERER']); ?>
for more information refer to the php manual
EDIT:
you can also include a hidden field in your form and set it to
$url = $_SERVER['PHP_SELF']; // or HTTP_REFERER depending on the setup
include the header code snipped to your registration form.