i have one website and i have added it in bookmark.
the situation is:
i opened the browser and website loaded from bookmarked location now the tab1 contains the website next i am logging it now it is in home page.
then i opened new tab but i didnt loaded any site. then i closed the tab1 then i opening the site from bookmark location. here instead of loginpage its directly loading the page which was in tab2.
when i can close the logged in tab then it should ask for login page in next tab
please help me guys how to achieve this
thanks
You need to logged out the user when page is closing.
You can use onbeforeunload event to manually logged out the active user.
Have a look at this article about Save Changes on Close of Browser or When Exiting the Page
Login cookie is shared in same browser tabs (sometimes even in same type of browser).
In other words, if you login in a tab in IE, you do not have to login in different tabs. Login cookie is still valid, and you are automatically login.
However, if you open same page in FireFox or Chrome, you'll still have to login even if you have logged-in in IE.
Updated: Please do not ask user to re-login if a tab is closed and reopen in different tab (in same browser). Even banking websites won't do that. (Of course, user'll need to relogin if the browser is closed.)
Related
In my asp.net web form application, and I have an issue with internet explorer 11. The user was in "Home.aspx" and when he closes the browser and open again, the browser is still showing the last page "Home.aspx" but this page has no Session.SessionID valid, of course, if you click on any other link the user will be redirected to Login.aspx.
My question is, how can I do to redirect to Login.aspx after the last session was restored by the browser? and I do not want to depend of the "Start with tabs from the last session" setting.
Thanks.
Go into Edge - Settings - Open Microsoft Edge With... and select Start Page
I have a logout button on my site that triggers
FormsAuthentication.SignOut()
forcing the need to login again even if one uses the back button on the browser or copy/pastes the URL. However if one closes the tab by the x button of the browser and there's another tab still open, if they copy/paste the URL the page will reopen without logging in. This is a serious security problem. If the browser closed completely by closing all tabs that doesn't happen. How can I prevent returning to the URL after closing the tab even if the browser hasen't been closed completely? Is there a way of catching a javascript OnClose event that will trigger FormsAuthentication.SignOut()? I'm working in asp.net c#.
That's a browser session problem.
A browser session (in fact, the cookie which hold the session id is deleted when the browser is closed) ends only when the browser is closed. It's why you are not logout when you close only one tab without closing the whole browser.
There's no reason to logout the user when he only close a tab. This behavior is not standard on the web and users can be disoriented if you do that.
But nevermind, if you want to do that, you can write a few javascript that drop a popup to warn the user he must logout before leaving. To do that use the unload or onbeforeunload event.
Look at here to see examples :
How to create popup window when browser close
You may use javascript on window onbeforeunload event to make a call to your website and log out the user.
Wait, the user has two tabs open on your site and they click "Logout" in the one, but not in the other? Well, then they haven't really logged out - the session is still active. I see how that can be a problem. But it is not a SECURITY problem, it's just the same user that remains logged in.
Anyway, you can create, for instance, a new session variable that you fill with a value whenever the user logs in, and that you delete when the user logs out. Then in every Page_Load, check this variable, and redirect to the login page if it doesn't exist.
Might be a bit of overkill, but it's all server side and you won't need Javascript to do it.
Is this possible? i have an exit button on my web application, originally, my client request that once they click the exit button, it should CLOSE the tab or the browser itself but afaik that's impossible since the web aplication can be opened via link in an email (outlook,yahoomail etc) via tag, so I suggested this alternative to simply just redirect to the Home (of the user, not the web app). the problem how to Redirect to USER's home page. TIA
if (window.home){
window.home();
}else{
window.location='about:home';
}
Something like that would be my guess.
window.home() reference.
There is no way to detect user's existing settings for a home page. This is a security issue. You can always, however, close the browser window after the user is finished using your application.
JS: window.close();
Not sure that would be advisable (even if it were possible), as users can have multiple homepages. Usually, web applications have a log-out button which would log the user out and return to the application's main page (probably showing a log-in form).
I found out an issue at my client's site regarding single sign off. for ease of use, i keep the client site name simple.
We developed site1.com using ektron 8.2sp2 framework and when you log into www.site1.com, you can go into "My Page" link, which takes you to www.site2.site1.com, which is a single sign-on.
This page has a log out button, when clicked, it logs off the user from www.site2.site1.com and you have a 'home' link, which takes you to www.site1.com, to log off from there too.
But, if the user just logs off from www.site2.site1.com and closes the browser, and reopens the browser to go to www.site1.com, it takes the user to the login page of www.site2.site1.com
I am trying to figure out the best way to log off the user from www.site1.com also, when the user logs off from www.site2.site1.com
I dont have access to the source files for www.site2.site1.com So, could some one help me how i can redirect the user to logoff from www.site1.com ?
This happens only in IE 8 and Firefox 3.6 but chrome behaves wonderfully.
Thanks in advance.
i guess, the answer to this is FormsAuthentication.SignOut(); will take care of it.
hi
let me explain the scenario.
I am developing an application for Online Examination. Once a user logs into the system, he is allowed to start a Test; on clicking start test button the user is redirected to the questions page. Now when the user clicks and confirms ending of the test by a button click then he is redirected to the results page.
Now what I want here is that when the results page is being displayed the user should automatically be logged out of the system and should not be able to go back to the previous pages by pressing the browser's back button.
The problem which I am facing right now is that when the results page is displayed anyone can press the back button and continue the test and manipulate the result. How can I stop this. Need a detailed solution to it.
You will need to disable caching of the pages. When you press the back button, the browser will use the cached version of the page. If you disable caching, when the browser actions the back mechanism, it will determine that the page needs to be fetched again, processing the page with a state where the user is no longer logged in.
Store a session variable like currentQ that holds the ID of the latest question answered. If the user tries to answer a previously answered question, do not accept the answer and instead redirect him to the proper page.
This will also prevent him from using the Back button when he is in the middle of the examination.
You should store the logged-in user in a session or a cookie.
The results page should always check the cookie or session if the user is logged in.
If not the results page will display some feedback message.
The best way you can do is Either use a master page or place a user control on every page.
The MasterPage/UserControl should check for the current session(whether the user is logged in or not). If the Session is available then it should continue, else it should move to login screen. At the result page, you can clear the session value.
Now if a users press the Back button at Results Page, The Page( masterpage or usercontrol) willn't find the session and will redirect the page to Login page.
I hope this will help you.