All pages in my application is secured by default, except the home page and login page. In my settings.yml I set
login_module: homepage
login_action: index
So if I access a secured page it redirects to homapage.
The content of all my pages are loaded via ajax. So after several hours when I came back to my account and click on menu the content loaded the home page. So I got 2 menus, 2 footers. I need to redirect to homepage.
After long time User's session expired so it's redirecting your ajax request to login page. So, You may change handling of login action. In case of that you can check referrer url as below in your login action.
$link = $request->getReferer();
// if $link match with your AJAX link, you should send some custom message or flag in response of AJAX request.
// so you can identify that user's session expired.
// On failure detection of AJAX request, you can redirect browser to login page.
Edit
if you have multiple Ajax request. you can do as following.
// under executeLogin()
if($request->isXmlHttpRequest())
{
echo '0';
exit;
}
At AJAX handler side you can do like below
function ajaxResponseHandler(response)
{
if(response == 0)
{
window.location = <?php echo url_for("#login"); ?>
}
}
Sorry for my bad english. hope this helps you. Let me know if it works :-)
Related
i have drupal 7 based website, you can check the page here:
https://www.ticketgum.com/europa-uefa-league/champions-league--final-tickets-29-May-2019
All pages at ticketgum are HTTPS page, and if you try to go to HTTP page you will get redirected to HTTPS.
Now there is "Buy" tickets form, if you click "Buy" you should be redirected to HTTPS checkout page, but drupal 7 redirects it to checkout HTTP page, and then automatically to checkout HTTPS page, so there is DOUBLE redirect, as you can see at attached image, how can i prevent it? and fix the first redirect to HTTPS...
screen shot: https://www.ticketgum.com/http.JPG
The code in submit form function is a simple drupal_goto('checkout');
You have to verify some configuration :
Into settings.php :
$conf['HTTPS'] = true;
$conf['base_url'] = "https://www.ticketgum.com"
Also you can use drupal_goto like this :
drupal_goto($path, array("external" => TRUE, "https" => TRUE));
Otherwise you can use redirect form state to specify redirect after submit instead use drupal_goto
function YOURFORM_submit($form, &$form_state) {
$form_state['rebuild'] = TRUE;
$form_state['redirect'] = 'your_url';
}
Found solution, first of all if you use:
drupal_goto function this way it works:
drupal_goto($path, array("external" => TRUE, "https" => TRUE));
But in my case the problem was with redirecting in form submit,
Drupal created HTTP url instead of HTTPS in url() function because my global variable called "insecure_url" was HTTP.
You can cancel it in your drupal admin panel, just go:
www.domain.com//admin/config/system/securepages
and uncheck "Switch back to http pages when there are no matches" option.
I was wondering if it is possible to restrict access to an ASPX page to http POST request method only? This restricted page will be used to render some complex content. I want to use it for ajax calls which will return that content into a div on another page. Is it possible to disable GET requests so that users won't be able to access it via URL in their browser by accident?
You can't prevent user from making a GET request. You can choose on server that you won't serve those. For example like:
if (!string.Equals(Request.HttpMethod, "POST"))
{
Response.StatusCode = 405;
Response.End();
}
This can be implemented in Page_Load event or even in HttpModule (if you need it for more pages, etc).
I’d like to serve the checkout page on my website as “HTTPS”, but all the other pages on my site need to stay “HTTP”. My SSL certificate is correctly installed, and the SSL routing is working fine on my server.
I’ve added 2 functions in filters.php: one functions to force ssl (force.ssl), and one function (no.ssl) to serve pages as http.
Route::filter('force.ssl', function()
{
if( ! Request::secure() && App::environment() !== 'local')
{
return Redirect::secure(Request::getRequestUri());
}
});
Route::filter('no.ssl', function()
{
if( Request::secure())
{
return Redirect::to(Request::path(), 302, array(), false);
}
});
I added the following routes in routes.php.
Route::when('checkout/getpaymentpage/*', 'force.ssl');
Route::when('/*', 'no.ssl');
The checkout page is being redirected to an HTTPS page, however, if the user then decides to navigate to another page on my site by clicking on a link in the navigation bar, the next page is also being served as an HTTPS page and not as an HTTP page. Even though I explicitly added a route to show all other pages as non HTTP (no.ssl).
I’m not sure what I’m doing wrong here? How can I make sure only my checkout page will be served as HTTPS?
Why dont you just make your whole site HTTPS?
You'll get a free SEO boost from Google: http://googlewebmastercentral.blogspot.com.au/2014/08/https-as-ranking-signal.html
And the reality is it'll have no real changes in server overhead.
Otherwise your doing a lot of work to go against the current trend to make the whole web https...
I am unfamiliar with ASP but I need to link directly to a page on the http://carfueldata.direct.gov.uk/ website which I assume from the .aspx extension is built in it. My problem is that when a user first clicks on the link, the destination page immediately redirects them to the home page, presumably because there is some kind of user session required (?), I do not know. Not a good user experience for my visitors. The second time you follow the link it displays happily. The chances of my users following a link twice is slim.
Is there a standard URL parameter or something that I can append to tell the ASP platform to generate a user session and not redirect.
To see problem for yourself open this link in a new window, then close it, and repeat. First time it will redirect to home page. Second time does not: http://carfueldata.direct.gov.uk/search-new-or-used-cars.aspx?vid=30392
It looks like they are using session for this purpose. As far as I know there isn't any way to override this.
But you can do some work around for this.
Call jQuery ajax function to homepage and redirect on its complete event.
While calling the ajax function the cookie (ie session set) will be set on client's browser and after the ajax call redirect user to the page.( The page that won't allow users to visit directly)
Click to go
function LinkClick()
{
$.ajax({
type: "get",
url: "http://carfueldata.direct.gov.uk",
dataType: 'jsonp',
complete: function (msg) {
window.location.href=" http://carfueldata.direct.gov.uk/search-new-or-used-cars.aspx?vid=30392";
}
});
return false;
}
When you initially submit the request to the website, you receive a 302 status (moved (temporarily)) and a redirect to the home page. This is because there is no session ID cookie in your request. The redirect response from the server creates the session ID cookie for you and from then on, the site honours subsequent requests.
I don't know which client library you are using, but it should be possible to intercept the redirect request sent by the server, and replace the redirect URL to the homepage with your original request URL. Since the redirect response contains the session ID cookie, we can assume that the session has been created and your original request should work immediately without the redundant visit to the home page.
I want to give an alert after person sign up successfully. And then I redirect it to index page I tried something like that
ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + "Login is successful!" + "');", true);
Response.Redirect("index.html");
But alert cannot be seen.
Use a cookie. On successful login add a cookie in response, containing a greeting text, and on the landing page - check with javascript if the cookie exists, and if yes - show the alert, and delete the cookie. This way you can personalize the alert message with user's name for instance.
This won't work -- you're registering a startup script to the current page, but then redirecting to a different page. So the page with your script never gets sent back to the client.
You could try one of two approaches instead:
Register the script after the redirect (of course the redirect target would have to be an aspx file, not html for this to work).
Add another line to the startup script that performs the redirect on the client side. (ie, using window.location = index.html after the alert)