Logic for Cookie and Javascript disable in browser in Spring controller - spring-mvc

I have created custom login form using SpringFramework3.2 and Springsecurity3.2. If in browser cookie and javascript is disable then I will redirect it to another page showing custome message. But require logic for cookie and javascript disable in Spring controller. Can anybody tell that logic. Will appreciate your help.

your site should work without requiring javascript or cookies. Google will likely not index your site and you will get fewer visitors. Some people disable javascript or cookies, and they won't be your customers either.
To detect whether javascript is enabled from your server see How to detect if JavaScript is disabled?
To detect whether cookies are enabled from your server see How to detect server-side whether cookies are disabled

Related

Making a http request using CEFSharp and all its stored cookies

I'd like to make a webrequest to facebook or authenticated site using the cookies already contained in cefsharp after the user has logged on.
How can I do that? I'm currently using HttpWebRequest. Can I somehow retrieve cookies from CEF and pass it to HttpWebRequest? Tried looking at CEFRequest but it's not accessible nor do I know how to use it
I need all this in order to prefetch resources needed by 2000 sites that I need precached. If you can suggest another way to do that please recommend that as well
The method Cef.VisitAllCookies() will issue a callback for each cookie. You can then selectively include some or all of these cookies in web requests that you make using HttpWebRequest.
https://github.com/ataranto/CefSharp/blob/master/CefSharp/CefSharp.h#L122

How to remove HTTPS to HTTP Security Alert message in .Net

How to disable or block that Security Alert so that when any user access my Secured Page he
will not get Security Alert Dialog. Any help will be appreciated and thank
you in advance.
Thanks
Narendra Singh
To my knowledge, the security of a page is recognized at the browser level, and it is the browser that raises the security alert. Is it true that you are doing a redirect in your .NET code from an https page to an http page? If so, the cause is that the browser has detected a transfer from a secure page to an unsecured page without the user's consent, which causes a warning.
I'm unsure of your situation, but one way to get around this is to have the user click an html link that goes to an http page. The reason this will work, is that the browser recognizes this as the user's choice, and not a behind the scenes redirect.

Check browser cookie disabled

We are using an Http Module. In the http module we are setting a cookie. After that in the page we are trying to take the value from cookie.
So when we are requesting a page, first the code inside http module will execute and it will set the cookie and then the value can be taken from cookie in the page load of the page.
But while debugging the code in Visual studio, we found that if browser cookie is disabled, then in the httpModule it will try to set the cookie and after that in the page load if we check the request object, it is showing the cookie set from the httpModule.
Is this a correct behavior? I want to know whether cookie is disabled in this case. If it is diabled i want to take another value from db. But it always showing the value in cookie.
Can anyone please suggest a method to get whether cookie is disabled or not.
We are using the httpModule in an Umbraco site.
I would write a cookie and then do a redirect to check if that cookie exists if it does then you know cookies are enabled if not then cookies are not enabled. Here is a good example.
http://www.primaryobjects.com/CMS/Article54.aspx

Asp.net - Using SSL to prevent cookie replay attack

I'm looking to put SSL into place to prevent cookie replay attacks on our site.
The site is using .NET forms authentication. Do I just need to enable SSL for the login page or would it be every page behind the forms authentication that needs to be secure?
THanks
You would need to enable SSL for every page where the browser is instructed to send the authentication ticket cookie. By default, that would mean every page on your website, although when writing the cookie to the browser you can instruct it to only send it over HTTPS or to limit it to certain paths.
But in general it would mean SSL protecting every page on your site, not just your sign in page.
.Net websites transfer non only the viewstate but any cookies back to the server on postback. This impacts your security in that someone using firesheep (or a similar tool) could easily pick up an authentication cookie, not on login, but when a user postsback via a button press, or ajax event several pages into the application.
If you have access to IIS you can not only enable SSL use, but force it.

form Authentication

I need to ask:
I use Forms Authentication in my ASP.NET application.
but when I publish the web after the user login, if he didn't signout he just close the browser and after that he browse it again it will redirect him to default page.
How can I enforce redirecting him to the login page even if he didn't sign out?
You should see the documentation for forms authentication specified here. You can force the cookies to expire whenever you want setting the timeout attribute. Also, you could not use cookies at all by using the cookieless attribute. There are other optional attributes that could be useful for you, that might not be related to your question as well.
It will depend on whether or not their asp.net session id cookie still exists, or whether they have cookies enabled at all. To enforce redirecting to the login page you will need to find out how to make the cookies be lost when the browser is closed. In my experience this is the default behaviour anyway.
I will suggest you to check asp.net Membership,Profile and Role provider for specifically manage user Logins, Passwords and their profile.
This is one of the good articles from Scott Gu, you should bookmark when you want to work with Membership and Profiles.

Resources