I tried to do some research on this and came across the following question on another site:
http://www.theserverside.com/discussions/thread.tss?thread_id=36561
Unfortunately, the answer there was to switch to GET requests, which I'm hoping there's a better solution. To reiterate the problem:
The scenario is when a user is on a search page for instance, their session expires, and then they click the submit button. At this point, the login page shows up since they aren't logged in anymore. After successfully logging in, j_security_check is resending the POST request to the search from before but without any of the POST data. I would like to be able to get the POST data from the original request, or I want to configure j_security_check to never send POST requests after logging in, but instead force it to use GET requests.
Any help is greatly appreciated.
I ended up checking in the doPost method to see if request.getParameterMap().isEmpty(). If it is empty, then j_security_check sent the POST request since it doesn't send any POST data. If that is the case, I just call the doGet method instead.
Related
Given a backend wrote in nodejs that returns a page that should either link to login (if the user is not logged in) or a link to logout (if the users is already logged in).
Considering I'm using firebase as authentication tool, how can I know in the first request, when the user is accessing the website, if is he authenticated to then
set the ejs template to respond with the correct link ?
Is there some header, or token that can I use ?
The only solution I found was use ajax after the server response, but I don't like this solution because apparently there is a delay in the link renderization.
As far as I know there is no way to know if the user is authentication on the initial request. From a quick inspection no data is sent along with that request. That kinda makes sense, given that upon this request it is not even known if you're using authentication to being with.
Update
I actually just ran into this blog post from one of the Firebase engineers, which seems promising: Introducing session cookies for server-side web apps. I haven't fully read it yet, but the title sounds like it may be exactly what you want.
I am trying to integrate PayuMoney payment gateway into my Meteor App. The process involves sending a POST request to a external url(payu url) and also redirecting the user to it. The user completes the payment on PayUmoney's site and once done, the PayUmoney site redirects back to a url(provided by me) with parameters passed as POST.
What I have done currently,
To post the form, I have allowed the default behavior of the form. I have defined the method as POST, with the target URL and all input parameters as hidden.
However, I am unsure on how to accept the variables after the tranasaction. I tried this method: How do I access HTTP POST data from meteor? but, this didn't work.
Technical Integration Document (Pay U Money): https://s3.amazonaws.com/uploads.uservoice.com/assets/074/080/407/original/PayUMoney_Technical_Integration_Document.pdf?AWSAccessKeyId=AKIAJF4UXUF6KJMEJFQQ&Expires=1519543396&Signature=ASnFquJkmCwQSMfx93w913MjZPk%3D
Any help will be appreciated. Thanks!
Assuming you're talking about accepting the response from PayUMoney, meteorhacks:picker is a great library for setting up an API. If you follow along with this guide, you'll get taken through all the steps of setting an endpoint up that can accept a cross-origin POST request.
In my ASP.Net MVC website, whenever a user registers, the admin should activate his/her account. In my view, I'm creating simple links for this:
#Html.ActionLink("activate", "user", new { id = item.ID })"
I usually would create a form with a #Html.AntiForgeryToken() and POST it to the controller. However, I think it might be OK to do this via HTTP GET since we're doing this for users which are in admin role. Should I use the POST method or is it OK to continue with the HTTP GET and just an id field?
I think it might be OK to do this via HTTP GET since we're doing this for users which are in admin role.
Nope. If anyone sends the link to /user/activate/42 to your admin and he clicks it, he just activated a user.
Apart from the security, read When should I use GET or POST method? What's the difference between them? for the implications on HTTP level, which also regards browser implementations (caching, warning for re-post, and the list goes on).
A GET request should never change the state of the system. It should leave the system unchanged. You don't want anyone to be able to approve users by making a GET request as it leaves the system open to attack. A GET request should also never be used to pass data around.
You should use a PUT request for this ideally. If you can't use a PUT then a POST is ok.
How to get a notification when someone has sent money using PayPal or Credit Card in Asp.NET?
Are you using some sort of payment processor (like paypal)? If so, they should have a way of notifying you when such an event occurs. This is usually done with them POSTing the data to a URL that you given them in your account setup. At that point it is as easy as having your site respond to POST requests with to that URL With webforms, this means either having an .aspx page, or [recommended] having a generic handler (ashx). For MVC, you simply need to have an action method on the controller that the POST request is routed to.
HTH
I have a single sign-on solution, meaning that the user will login to one site and be redirected to another. When I redirect the user I want to pass along a key that can be used to verify the user's authentication status.
Most of the examples of single sign-on I read show the login site passing the encrypted key has a query string value. I don't think this is a very good solution because it's not very REST-ful or whatever you want to call it. Instead I'd like to pass the encrypted key in the POST data. So when the user logins in, they are POSTing to another url.
Unfortunately I don't know (yet) how to do this with the Response.Redirect or Server.Transfer. I think Response.Redirect passes the same POST data along when it redirects.
Does someone know how to redirect a website user in asp.net, changing the POST data while redirecting?
(bonus question: can you change a GET to a POST while redirecting?)
Server.Transfer has the ability to maintain form data (POST values) in transition, because it is essentially transferring the same request sent by the user to a new endpoint.
Request.Redirect cannot persist POST data because a redirect is essentially sending a response back to the end-user which says "go here instead". The client then initiates a new request to that new endpoint. The client does not re-submit the POST data on the second, separate request.
However, neither POST nor GET alone are more or less RESTful - both are strings of data, just in slightly different parts of the request. Having clean, querystring-less URLs might "look REST-y", but it is cosmetic.
Here's a diagram of how the two different approaches work. As you can see, in the Redirect case, changing the POST data simply isn't possible because it's in the client's hands to form the new request to the target URL; and in the Transfer case, it makes no sense to (even if it was technically possible) because if you do need to pass additional data to the new handler, you can do so yourself:
alt text http://rexmorgan.net/rr_vs_st.jpg