Didn't find any similar question.
I will be creating a production Chrome extension for the first time and wanted to know if my company's login session can be shared between both webpages and extensions. Currently there is both Google authentication and a normal authentication on the company login page but I assume I only have to consider session and cookies.
If a user is logged in from the site, the extension should show logged in too and vice versa. The extension will also display login screen if user isn't logged in anywhere.
Is it bad practice by any chance?
Related
Let's say I want to go to a specific web page and track their users activity (for example get their location, how many times they logged on, the links they clicked etc..) Its is easy to implement this if it was my website, however I want to do it for any website.
Is it technologically doable? Do you have any idea how i can start to implement this?
If the website publicly (with or without authentication) gives Users data, you can do web scraping.
The data that you mentioned are the website stats which can be tracked only by the website or the Web server. Unless you have access to the server logs, you can't do it.
I am currently building a mobile app that will use an existing vBulletin install as a login system. I've run into an issue where if a user is already signed on somewhere else, they cannot sign back on using the application. On the vBulletin site, if this happens, you are presented with a "Force Logout" button that will end all existing login sessions and allow you to login again.
Is there a way to implement such a feature use just the API? I cannot query the database, unfortunately, and my only means of accessing the vBulletin system is through api.php methods. The vBulletin API documentation is woefully incomplete, so I am hoping someone else would have an answer for this.
If it helps at all, I am using Flex and AS3 to build the application and have successful login and logout, but the logout only works if you pass an appropriate sessionHash to the API.
This was an issue with our specific vBulletin config. We had to write a custom script that would allow us to access the forcelogout.php page/script and force a logout.
I'm an Admin for this page
http://developers.facebook.com/tools/debug/og/object?q=http%3A%2F%2Fwww.westberks.gov.uk%2Findex.aspx%3Farticleid%3D23789
and I've also specified that my App can administer it too. I've Liked this page so I thought I should be able to access the admin screen for the page but I can't seem to. Any ideas on how I access the admin screen for this page in FB, so I can manually publish updates?
Additionally, when I try to update page programmatically I get the message
(OAuthException) (#200) The user hasn't authorized the application to perform this action
but the page has my App listed here
http://graph.facebook.com/10150303466842688
This was definitely a bug rather than a programming or setup issue. The bug has been marked fixed by Facebook as of 1/18/2012 and everything now works as it is supposed to! Bug report:
http://developers.facebook.com/bugs/308356579205492?browse=search_4f0f1475c470b2076799347
Until this recent fix, there was a problem where OpenGraph pages did NOT allow the admins of those pages to retrieve page access tokens for them. Which means they were locked out of posting "as the page" and apparently also locked out of the Admin area for their own pages as well.
I know that this is fixed for me now with this bugfix, and hopefully it will also be fixed for everyone else.
You will need to ask for manage_pages, read_stream and publish_stream. Once your admin accepts those permissions, the app can call me/accounts on the Graph (play here https://developers.facebook.com/tools/explorer). In there will be a list of all the pages they admin. In each listing will be a unique access token. This is called the page access token. Using that token you should be able to read and write to the me/feed for that page.
I have an ASP.Net 3.5 web site with forms authentication enabled. Is it possible to have Googlebot crawl my web site without getting prompted for a username/password?
Google claims that is not wont to index page and show them on the users as available that are not, because actually they request user name and password.
It can give the option only to crawl the protect page by the AdSense so he can know what advertize to show on them
https://www.google.com/adsense/support/bin/answer.py?answer=37081
Other solutions that check if is bot or coming from google bot computers are not safe because they can easy spoof by the users, and also may fail to show a preview or a cache of the page.
So you need to think your site structures, what is very important and what is not, to show some part of the pages, hide some other if the user is not register, and that way google have something to index even if its not loged in.
Here is an article:
http://www.guruofsearch.com/google-access-password-protected-site
It would be interesting to see if a google sitemap would result in pages showing up in google - but I doubt that would work either, as the pages would likely need to be crawled anyway.
And some other interesting comments here:
http://forums.searchenginewatch.com/showthread.php?t=8221
I'm using ASP.NET Sitemaps with a custom Role Provider to generate a site Menu that displays available links depending on user role.
This works fine if the roles don't change while a user is logged in.
When the roles do change while the user is logged in, the Menu isn't automatically updated (I've checked, and the Roles.GetRolesForUser() is only called on login). This results in the user having access to the areas of the site he doesn't have permission to see. This access is not only visual (in the form of the Menu items being displayed), but the access restrictions as defined in the Web.config are not being enforced either.
Is there a way to trigger the Menu/access control refresh when the roles are changed? Or do I need to force a logout?
Thanks in advance
EDIT: I just realized I had the Role Manager cacheRolesInCookie enabled, which meant that GetRolesForUser() was only being hit once and any further role checks were made using the cookie. Any way to refresh the cookie programmatically or do I have to live with the cache turned off? Maybe just removing the cookie will solve it?
Went for the non-cached version, which works fine.