Best way to tell a user they've been signed out due to inactivity in using FormsAuthentication? - asp.net

I'm working in ASP.NET MVC, and am trying to display a message to the user on the login page to inform them they've been logged out. I've got a client-side timer event which essentially fires a request that kills the Forms Authentication and abandons the session, then forces a page reload which fires the FormsAuthentication redirect to the login page.
It's working pretty well overall, but I'm wondering how I can display a message to the user on the login page to say why it is they've suddenly been redirected. I was storing a flag in TempData, but now that I'm needing to clear Session as well that's not being retained.
I'm currently just looking for a returnUrl in the querystring, which is OK but not great - is there a better way to detect, or to pass a message through, that the user has been logged out?
Thanks in advance.
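
One way to carry the logout reason in the query string without putting free text in the URL, as an added example that is not part of the original question: the client-side timer navigates to the login page with a short reason code, and the login page maps known codes to fixed text. The reason codes, message strings and function names are assumptions.

```javascript
// Added example: codes, messages and function names are assumptions.
const LOGOUT_MESSAGES = Object.freeze({
  timeout: "You were signed out after a period of inactivity.",
  manual: "You have signed out.",
});

function isKnownReason(reason) {
  // Own-property check, so "constructor" or "__proto__" never match.
  return typeof reason === "string" &&
    Object.prototype.hasOwnProperty.call(LOGOUT_MESSAGES, reason);
}

// Accept only same-site relative paths such as "/orders/5".
function isLocalPath(url) {
  return typeof url === "string" &&
    /^\/(?![\/\\])/.test(url) && !/[\r\n]/.test(url);
}

// URL the timer navigates to once the sign-out request has completed.
// Only a short code travels in the URL, never the message itself.
function buildLoginUrl(loginPath, reason, returnUrl) {
  const params = new URLSearchParams();
  if (isKnownReason(reason)) params.set("reason", reason);
  if (isLocalPath(returnUrl)) params.set("returnUrl", returnUrl);
  const qs = params.toString();
  return qs ? `${loginPath}?${qs}` : loginPath;
}

// On the login page: map the code back to fixed text. Unknown or
// tampered values give null, so nothing from the URL is displayed.
function messageForQuery(queryString) {
  const reason = new URLSearchParams(queryString).get("reason");
  return isKnownReason(reason) ? LOGOUT_MESSAGES[reason] : null;
}
```

The server should validate returnUrl again before redirecting after a successful login, since the query string is under the visitor's control.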

Related

How to handle firebase authentication on vue

I’m working with a vuejs project and I’m using firebase oauth authentication.
I’ve already implemented the sign in with popup flow, and the auth state change event listener, it works pretty well.
The thing is, after I sign in, when I refresh/first load the application, as the auth session persists, there’s a time span between the app load and the auth state change is triggered, so even though I’m logged in, I see the login screen for a few seconds before the event is fired and I get redirected to the main page
For example:
1. I open the application
2. As I’m not authenticated, I get redirected to /login
3. I see the login screen
4. I sign in using the google provider and the popup
5. I get redirected to the main page /
6. I refresh the page
7. I get redirected to /login
8. As I was already authenticated, the authStateChange event fires and I get redirected to the main page, but this happens after a couple seconds
Is there any way to handle that previous state to be able to show a “loading...” or something? I’ve been reading the docs but the only thing I found is using the event listener that I’m already using
Thank y’all in advance!
Okay y’all, this is the solution I came up with:
There’s no way to know if a user will be logged in until they actually get logged in and the authStateChange event fires. So the best I could do is, when the user logs in to the application, I store an “EXPECT_LOGIN” value in localStorage, so if I reload the app and that value is true, I show a “Logging in” message with a timeout of, say, 5 seconds. Here we have two possibilities:
1. The event is fired and the user is logged in automatically
2. The timeout is fulfilled and I set the “EXPECT_LOGIN” value to False, then I let the user login manually
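
The EXPECT_LOGIN race described in the answer above, as an added example that is not the poster's code. `storage` stands in for localStorage and `subscribe` for the auth-state listener (both injected, so no Firebase SDK call is assumed); the function names and the "main"/"login" route labels are hypothetical.

```javascript
// Added example. The stored flag is only a UI hint: anyone can set it in
// their own browser, so it must never gate access to data.
const EXPECT_KEY = "EXPECT_LOGIN";

function rememberLogin(storage) { storage.setItem(EXPECT_KEY, "true"); }
function forgetLogin(storage) { storage.removeItem(EXPECT_KEY); }

// Resolves to "main" or "login". While the promise is pending the app
// shows the "Logging in" message instead of the login form.
function resolveStartRoute(storage, subscribe, timeoutMs = 5000) {
  // No hint stored: show the login screen straight away.
  if (storage.getItem(EXPECT_KEY) !== "true") return Promise.resolve("login");
  return new Promise((resolve) => {
    let settled = false;
    let unsubscribe = () => {};
    const finish = (route) => {
      if (settled) return;            // first of event/timeout wins
      settled = true;
      clearTimeout(timer);
      unsubscribe();
      if (route === "login") forgetLogin(storage); // stale hint
      resolve(route);
    };
    const timer = setTimeout(() => finish("login"), timeoutMs);
    // A null user means the listener reported "signed out".
    const off = subscribe((user) => finish(user ? "main" : "login"));
    if (typeof off === "function") unsubscribe = off;
    if (settled) unsubscribe();       // listener fired synchronously
  });
}
```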

.NET web form application redirect issue

I have a web form app where users fill out a form, click submit and are redirected to a confirmation page. An ID is passed through a session which then is passed to the confirmation page. There's an intermittent issue occurring during submission, where the user is redirected to the root of the URL. The result is a 403-Forbidden Access Denied error. For example, user goes here: https://test.com/applications/abc.aspx?ID=25. When they complete the form and click submit, they're redirected to https://test.com. I do not see in my code the reason this behavior would occur. Also, this doesn't occur for everyone. What could cause such a behavior? Could it be server related (IIS), network related, or application related?
I suspect the session data is lost during the redirection. Under certain scenarios, the below statement may result in a new session and potentially lose session data.
Response.Redirect("~/Account/ChangePassword.aspx");
Especially in the scenario where the client side requires a cookieless session.
Please refer to the official remarks of the HttpResponse.Redirect method.
https://learn.microsoft.com/en-us/dotnet/api/system.web.httpresponse.redirect?view=netframework-4.8

Get reason for login prompt when using asp.net membership

I have an asp.net website using the SQL ASP.net membership system. When users are logged in to the website and are inactive for 20 minutes, they get sent to the login page on the next page request. I would like to show some text on the login page that says "you were logged out due to inactivity" when this happens. Is there a built-in way to do this? Or any other ways I could distinguish why the user has been sent to the login page (for inactivity or some other reason)? I have scoured SO and Google but haven't been able to come up with anything.
The reason we need to do this is because we recently migrated from a previous version of the website that was lax about security and didn't have auto logout, so we're getting lots of feedback from users thinking there's something wrong with the website when they are prompted to login again.
Thanks in advance.
It is better to use javascript for this and be proactive about it, showing the timeout remaining if possible otherwise just alerting the user with a messagebox showing that his session has timed out and then redirecting him to the login page. Have a look here for a simple example.
To redirect him to the login page add the following to the below line as in the example:
alert("Your current Session is over."); window.location = "YourLoginPage.aspx";
For purposes of closure, I'll answer my own question. I couldn't find a clean way of doing what I'd like, so I ended up setting a cookie with the login time after the user logs in. Then on the login form page, I see if the login time in the cookie is greater than 30 minutes old (my auth timeout in asp.net) and display a "logged out due to inactivity" message. Otherwise it doesn't display the message.
Not great, but it seems to work. Satisfies the requirement for the vast majority of our users.
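
The login-time cookie check from the answer above, as an added example that is not the poster's code, written for the login page and hardened against missing, garbled or future-dated values. The cookie name `loginAt` (epoch milliseconds) and the function names are assumptions.

```javascript
// Added example. The cookie is client-controlled, so its value is used
// only to pick which notice to show, never for an access decision.
const AUTH_TIMEOUT_MS = 30 * 60 * 1000; // the 30-minute auth timeout

// Extract one value from a Cookie header or document.cookie string.
function readCookie(cookieString, name) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// True only for a plausible past timestamp older than the timeout.
function loggedOutForInactivity(cookieString, nowMs, timeoutMs = AUTH_TIMEOUT_MS) {
  const raw = readCookie(cookieString, "loginAt");
  if (raw === null || !/^\d{1,15}$/.test(raw)) return false; // missing or garbled
  const loginAt = Number(raw);
  if (loginAt > nowMs) return false; // clock skew or edited cookie
  return nowMs - loginAt > timeoutMs;
}
```

Because the cookie records the login time rather than the last activity, it has to be deleted on an explicit logout; otherwise a user who signs out by hand after more than 30 minutes would also see the inactivity notice.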

Session Time Out

I am developing a web site using ASP.Net 3.5 C#. I am listing all the Online users ( users who are logged in on my site) in my site. I want to track and update user's status in Database when a user has logged out or simply closed the browser or navigated to some other site. In all these cases I want to update user's status as "Logged Out".
How can I move forward with it?
Thanks
Vivek
When the user clicks the button, you can just handle the click event on the server-side (in code-behind) and then log the status change.
For the case where the browser is closed, you can handle the Session_End event in the global.asax, which fires when the session ends:
public void Session_End(object sender, EventArgs e)
{
    // Fires when the session ends
}
Legitimate logout (i.e. Logout by clicking on logout button etc.) can be tracked easily. You just have to handle the event and mark their database status logged out.
However, closing the browser is one thing I never had good success with. You will get many solutions over the web which would tell you to capture the close button and then make an ajax request etc., but I did not have success with any of them.
(Things like Session_End may come in handy but there is a gotcha: this event does not get fired if you are using anything other than IN-PROC session mode, so that's not reliable).
You don't really know if the user has closed the browser or not, or if he navigated to another site. I think you need to use some sort of AJAX control that would send some messages to the server in a given time interval to make sure the user is viewing your site.
First check my answer in this other question:
session Handling in asp.net
You wouldn't be able to immediately close a session and track this change if some user closes the browser, shuts down the computer or something like that. This is achieved by playing with the session timeout.
Another possibility could be to consider a user online if they triggered some operation against the server within some time interval, something that'll be implemented in your server logic.
Logging out should be easily trackable because it's a "human user" action. Just implement a "UserLogout" event in your authentication manager class or any other class handling authentication and track logouts there.
Client-side user actions like browsing to another page or closing the Web browser can't be tracked because of technology limitations: the API is lacking in this area. It's more because of the Web paradigm and its principles. You'll need to miss that.
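
The "online if seen within a time interval" approach from the answers above, as an added example that is not from any of the posters. It is written in JavaScript to show the logic only; the class name, method names and the in-memory map are hypothetical, and the ids returned by `sweep` are the rows to mark "Logged Out" in the database.

```javascript
// Added example: tracks the last request time per user and expires
// users whose browser was closed without an explicit logout.
class PresenceTracker {
  constructor(idleLimitMs) {
    this.idleLimitMs = idleLimitMs;
    this.lastSeen = new Map(); // userId -> time of last request (ms)
  }

  // Call on login and on every authenticated request or AJAX heartbeat.
  touch(userId, nowMs) {
    this.lastSeen.set(userId, nowMs);
  }

  // Explicit logout button: returns true if the user was listed online.
  logout(userId) {
    return this.lastSeen.delete(userId);
  }

  // Run on a timer. Returns the ids that went silent for longer than
  // the limit and removes them from the online list.
  sweep(nowMs) {
    const expired = [];
    for (const [userId, seen] of this.lastSeen) {
      if (nowMs - seen > this.idleLimitMs) expired.push(userId);
    }
    for (const userId of expired) this.lastSeen.delete(userId);
    return expired.sort();
  }

  online() {
    return [...this.lastSeen.keys()].sort();
  }
}
```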

how to handle form authentication in IE7&IE8

Hi, I am using the IE7 and IE8 browsers to run a web application. I log in to the web application and go on to the next page. If I copy the URL of the next page, open a new browser and paste the URL, the next page opens directly. I mean my forms authentication is not working. Please help me handle this issue.
I don't know enough about asp.net to give exact code, but your login page should create a new session if it isn't already created.
When the logic behind the authentication form verifies the username/password, it should set a session variable to mark the user as logged in.
Pages which require login should then check for that session variable, and redirect to the login page if not set.
Hope that helps!
