My application sends its users some e-mails with links inside.
The user is logged in in the browser, in a persistent session that lasts even when the user closes the browser.
If the user CLICKS the link in the e-mail, it opens a new browser tab that is not authenticated (in my application), as if the user hadn't logged in. Just as if the click from inside the e-mail cleared the browser cookies before opening the page.
If they COPY AND PASTE the link in their browser, it works just fine, with the link being opened in an authenticated session in my application.
I use Firebase to manage authentication in my platform.
This issue happens both on desktop and mobile.
Related
I have successfully embedded a live stream with its corresponding chat into my WordPress website.
I want my website users to be able to interact with the embedded chat, but even if a user logs in to my website using a Gmail address, the chat remains inactive, showing a "sign in to chat" message.
Is there a way to allow site users, logged in with Gmail credentials, to interact with the chat directly from my site? I noticed that this only works if you browse through Chrome with an account, but on other browsers it doesn't work.
I've recently started developing an e-commerce app with multiple types of users, and currently I am experiencing some issues with the browser's page cache. Here is one example for user authentication:
Authentication Token is generated
Authentication Token is written into the database
Authentication Token and its expiry is saved into the user session
I wrote middleware that checks if the user is authenticated and if they are authorized (checks the token and access level) as well as expiry - tested it, it works. On "Log Out" I am destroying the session and renewing the token with Session.Destroy(r.Context()) and Session.RenewToken(r.Context())
Here is the problem:
I log in as "Admin" and go to DASHBOARD page for which only admin users are authorized to access.
I log out
I log in as a regular user and click "BACK" in the browser; it takes me to the Dashboard page when it should not. But when I refresh the page it does say "UNAUTHORIZED", which is what I was expecting when clicking "back" or something.
I was searching through the internet and found a "solution" where I set the headers in the following manner:
w.Header().Set("Cache-Control", "no-cache, private, max-age=0")
w.Header().Set("Expires", time.Unix(0, 0).Format(http.TimeFormat))
w.Header().Set("Pragma", "no-cache")
w.Header().Set("X-Accel-Expires", "0")
This, however, does not work for me. I do see these headers in the NETWORK card when I open my Web Developer Tools, but the problem remains.
What am I doing wrong?
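An added example, not part of the original post: the headers quoted above use `no-cache`, which still lets the browser keep a copy of the page, whereas `no-store` is the directive that tells it not to retain the response. The sketch below applies `no-store` to a protected route in Go; `requireAdmin` and the `demo_role` cookie are hypothetical stand-ins for the post's own token and access-level middleware.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// noStore marks every response from the wrapped handler as non-storable.
// "no-cache" only asks for revalidation; "no-store" forbids keeping a copy.
func noStore(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cache-Control", "no-store, no-cache, must-revalidate, private, max-age=0")
		next.ServeHTTP(w, r)
	})
}

// requireAdmin is a hypothetical stand-in for the post's auth middleware:
// the role is read from a constructed "demo_role" cookie, not a real session.
func requireAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("demo_role")
		if err != nil || c.Value != "admin" {
			w.WriteHeader(http.StatusUnauthorized)
			fmt.Fprint(w, "UNAUTHORIZED")
			return
		}
		next.ServeHTTP(w, r)
	})
}

// dashboardResponse requests /dashboard as role; returns status and Cache-Control.
func dashboardResponse(role string) (int, string) {
	dashboard := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "admin dashboard")
	})
	h := noStore(requireAdmin(dashboard)) // noStore outermost: the 401 is non-storable too
	req := httptest.NewRequest(http.MethodGet, "/dashboard", nil)
	req.AddCookie(&http.Cookie{Name: "demo_role", Value: role})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Cache-Control")
}

func main() {
	fmt.Println(dashboardResponse("admin"))
	fmt.Println(dashboardResponse("user"))
}
```

Wrapping the auth middleware with `noStore`, rather than the other way round, means the rejection response carries the same header as the dashboard itself.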
On my website, the user can log in through Facebook.
I have also created a Facebook canvas app which consists of a small part of my website.
Through the Facebook canvas app, the user can access certain features of the site regarding their site account.
It works great when the user accesses the FB app while already being logged into the site.
However, if the user accesses the FB app while NOT being logged into my site - how do I log them into my site through the app?
It would be ideal if I could somehow automatically log them into their account when accessing my site through the FB app.
If that isn't possible, I would like the user to be able to log into my site through the Facebook app.
However right now when I redirect to the oauth login I get the following error:
Refused to display
'https://www.facebook.com/dialog/oauth?response_type=code&client_id=…nLpHx7N5X--Q'
in a frame because it set 'X-Frame-Options' to 'DENY'.
Summary:
Can I auto-login to my site when accessing the site through Facebook canvas?
If not, how can the user log into my site through the canvas app?
So basically your problem was just how to call the FB login dialog from within canvas. If you use the URL redirect version, then you have to call it in the top window instance – the login dialog cannot be shown in any kind of (i)frame, for security reasons.¹
top.location.href=… in JavaScript, or target="_top" for a simple link can achieve that.
¹ User needs to be able to verify via address bar that they are entering their credentials on facebook.com, to prevent phishing attacks.
When a user presses the login button for Google or Facebook, on iOS it transfers the user to a link in Safari where the user should complete the login process.
Is there a way to complete the login process with Google/Facebook within the app, and not send the user to a Safari page?
My iOS app was rejected, saying the login process should be completed within the app and should not transfer the user to a webpage in Safari.
Is there a way to open the Google/Facebook login page in the app itself using gitkit?
I assume login from an external webpage in Safari meaning e.g. the default Facebook fallback option for when a user doesn't have Facebook app installed and/or Facebook account logged in, in the Settings app.
We had the same problem with Apple for one of our apps. We sent them a response saying "This is how Facebook's iOS SDK works, here's the link to the Facebook iOS SDK documentation explicitly stating that Facebook uses Safari as a fallback option by doing a quick app switch".
Next day, app was approved. I think the reviewer wasn't familiar with the authentication technology, so I think it's worth mentioning to the reviewer, hopefully it's the same case for you.
To log in to Facebook without extra UI, you'd need to expect the user to have Facebook logged in, in the Settings app. From our own experience, this wasn't favourable: a number of users had the actual Facebook app installed on their device but didn't know how to log in, and at the time we only offered login via the Social Framework (Facebook/Twitter through the Settings app).
Hi all, we are building a portal at work. When the user logs on to the portal, he/she can press a button which will redirect them to a PeopleSoft webpage. This works fine; however, when the user only closes the tab with the PeopleSoft webpage and doesn't sign out, he/she has an issue revisiting the PeopleSoft page again. For example: user logs on to portal --> clicks button --> ((A) cmd=pslogin logs in if required) redirected to PeopleSoft page --> closes tab (doesn't sign out) --> goes to tab with portal --> clicks button --> PeopleSoft page doesn't load, blank screen comes up. The blank screen that comes up is the same as the one from before (A); however, nothing appears. I think the issue is that when the user closes the tab without logging out, the session/cookies on the local machine are never removed. Thank you
Your portal probably uses bypass signon. This enables a guest user to automatically be logged in as a default user. When that person is signed into PeopleSoft, cookies get set, one of which is a session timeout cookie. When the person revisits the site without logging out, they still have that cookie, and PeopleSoft sees they had a now-invalid session and sends them to an error or login screen.
Are you linking directly to a tab page or some other component URL?