I have link at my asp.net page. I need to store some data in session before user goes to that link location. Is there any event that I can catch when user going to leave that page?
PS
I can't store that data when user click on link. I need event on leaving page.
The way the web works is stateless. The server is not aware of your user leaving a page. It is only aware of a new request that is coming in, which would happen after the user clicked on a certain link.
If you wanted to store data in the session before that link was clicked, you would have to store it in the session on the previous request when you were generating the page containing the link.
Try using JavaScript to intercept the user before page exit and then in the JS function send an Ajax post to the ASP.net page with the logging details (which would then be put into the user's session object).
Your best hope is to use Javascript events.
You can use the window.onunload or window.onbeforeunload to either fire of an AJAX request or warn the user to save their work before continuing.
Obviously, both of these events are browser dependent and rely on Javascript being switched on.
Related
This question probably exist in different forms but I would need to get explained to me how to accomplish the following...
I'm working on a windows forms application (C#). When I click a button on the form I want to navigate to a specific page (all in code behind), find an input[type=text] on that page by id or class, input a password, and click on the login button next to the input.
Then I need to wait for the page that will load after the login button is clicked before I continue identifying more elements. F.e I want to find a html table and traverse it.
If someone could give me a good example and tell me if I need any additional controls in my form I would be most grateful.
Now, as I wrote above, I'm not interested in opening a browser and navigating to that page. I want it all to take place in the code so to speak..
Thanks in advance!
You don't need to scrape the website and find the input of type=text. Forms works with GET or POST requests. Login form is generally a POST request to the server, you should search for the form inside that page and see where it points the action. Let's say it is done this way:
<form action="login.php" method="post">
So you know that login.php will handle the request and that it's using the post method.
Now you should write some C# code to send a POST request to http://yoururl.com/login.php (Please see HttpWebRequest).
Once you get that, since it's a login, you should find a way to keep cookies active so that you can send another request to the page you have to access after the login. Keeping cookies active means that you're logged and your session is active with the user you logged in the previous POST request.
To achieve this part you should have a look to HttpWebRequest.CookieContainer.
Once you get your cookies you should now send a GET request to the next page where you can then scrape the information you need. The GET request to a web page send you the whole html page as response. You should then use a scraping library such as HttpAgilityPack to get the table you need.
Try to write some code and come back when you face a problem, opening another question. I hope I provided you some useful information!
I am creating a website and it has multiple pages which a user needs to go through them step by step. for example the first page www.website.com/personal.html will ask users to fill in their personal information and then the next page www.website.com/favorite.html will ask other questions about their favorites and so on...
What I would like to do is not allowing a user to manually enter the address www.website.com/personal.html and access that page again. I would only allow accessing that page through the flow of the website or if I have a tab or a link to that address.
Is there any way to prevent such thing?
If you are using MVC, why are you talking about static html pages at all?
Just use a single action method that returns multiple views based on your workflow state. That way, it's impossible for the user to direct based on URL (since the URL would be the same for every view).
You could use the referer header to detect where a link came from, but that is easily forged. Assuming you have a session database and you are setting some manner of session cookie, you could store state information with the session data, and redirect if you receive a request for personal.html if the saved state does not indicate that is the current page.
Nope, not really. You can check the referrer but that can easily be spoofed. You could use a cookie to indicate that the user has already been at each step, but again, easily circumvented.
If you are saving information after each step, can't you just check if the user has already input his personal info and if so, redirect him to the next step?
The only reliable way would be to check the saved data on the server side and act based on that.
Which option is better, when you have redirect to other page and user need to be logged in to use it.
With linkbutton you can in onClick event check if user is logged in and then redirect...
With hyperlink you can set navigateUrl and than on other page on page load check if user is logged in, if not redirect to login page...
Which option is better for performance or the right one to use it... In first option you have postback (whole page reload) in second you have only redirects but also load the page_load event if user is not logged in...
The Hyperlink control takes the user directly to the specified location
without posting back to the server.
The LinkButton control first posts the form to the server, then navigates to the URL. If you need to do any server-side processing before going to the target URL, use a LinkButton.
if there is no server-side processing necessary, don't waste a round trip and use the HyperLink control.
So,from your question: Which option is better, when you have redirect to other page and user need to be logged in to use it , seems you want that when user is logged in, then only they should be able to use the page they are redircted to.
So, In case the new page where they are redirected to, Validates the user also, then Go for Hyperlink. In case, the newly redirected page doesn't validates the user, and you require validated user to use the new page, go for LinkButton.
I think the answer to this question lies in the application of the control.
Use a link button when you are working within the page (postbacks), use a hyperlink when you are redirecting the browser.
Ideally the hyperlink would be used in this case as lets assume they are logged in, once you get to the page if their not send them to the login page. Once they login send them back to the page they requested.
Now you may also think about checking if their logged in before even displaying the hyperlink or any other control.
Cheers.
I've got a strange one to solve today. A client needs their site to not allow people being logged in, going to a different site, then still being logged in if they hit the back button in their browser.
Simple I thought... until I couldn't find a page event that got fired when the back button was pressed from another site.
I thought of just using JavaScript and working with the referrer object, but this won't achieve my goal as I need to access the .NET Membership system and log the user out of their session.
Has anyone got around this problem? If so, how? Any help would be appreciated, potentially I'm just missing something that I could achieve in the Global.asax? If it helps, I'm using .NET 4.5 / C#.
Reasoning:
Due to, say, if one operator went and left their machine unlocked, visited Google, then another operator went on the same machine maliciously and hit the back button to gain access to that operator's logon (the client is very security cautious)
So you would like to log out user whenever they leave your site? You cah have global javascript that sends a request to a server every minute saying "Hey, server, I'm here! I'm user Joe Blogs, i'm still on the site". If the server does not get this message from a user longer than a minute, log them out.
Overriding back button is just not going to work. What would you do if user opens up another tab/window and goes to google there?
Update:
you can try using .unload() from jquery to catch page leave. And destroy the cookies on that event.
However, when the machine is just left unattended, nothing stop malicious user to go grab the access.
Update 2 you can just set very short session life! if user is inactive (or left the page) - log them out. To prevent possible annoyance for logging out when user looking on the screen for too long (fills in very long form) - make javascript to do regular (every 5 minutes) to a server to a dummy page - to keep the session live while the page is loaded.
Here is the source: Force users to logout when they leave my php website?
There is perhaps a "magical" solution for the problem but the key thing here is in the reasoning: Operator A is not allowed to use the site with the credentials of Operator B.
From a client and server perspective there is no way that the server or client (browser) can tell that persons changed seats at whatever moment in time.
That's the problem you have to solve.
But perhaps implementing face-detection is a little over the top?
If you were designing the site from the ground up you can do this by adding a header to specify that you do not want caching.
Cache-Control: no-cache
Pragma: no-cache
But you would then have to have all your site access through a single page. The page need not be displayed the same and can contain different controls etc, but it's content would be decided by POST parameters rather than through the normal ASP.NET model.
e.g. Default.aspx and to navigate you would POST back at least two parameters. One would be the page to navigate to, and another would be an unpredictable token.
e.g. Token=3Zd2f4O61Z&Page=OrderHistory
Upon each page load you would validate the token and page title combination, and if OK you would display the page and generate new post-back data links for any navigation or actions you would like the user to take at that point. If the user were to try accessing the same page with the old token, it would expire the session and then log out the user. This is the most secure way to do this as then clicking the back button would prompt the user to resubmit their post data again. If OK was clicked, the browser would submit it but the server would recognise that the token was now invalid (as it has already been used, and discarded by the server) and then log out the user.
This method also protects against CSRF as you are validating a token in the payload of each request rather than just checking cookie values.
I know this won't help you unless you can reengineer your site, but I thought I'd add this solution in case anyone lands here with the requirement from the beginning.
You can have a landing page of your site to contain nothing by a JS redirect to reals homepage this way when person hits back button he will go back first to the damy redirecting page that move him back to home page.
But it will be possible to override this if user chooses to skip number of pages at once or just opens another window.
Could you provide further information about why exactly is its needed ? I think in your case, there is a possible solution of may be having a separate Database table or field for marking or flagging such users who have been redirected to another site just treat them as signed off and then once they hit your sites URL you can probably check for the flag and sign them back in, automatically.
JQuery unload() function will solve your problems as wel as the javascript window.onbeforeunload...
hi
let me explain the scenario.
I am developing an application for Online Examination. Once a user logs into the system, he is allowed to start a Test; on clicking start test button the user is redirected to the questions page. Now when the user clicks and confirms ending of the test by a button click then he is redirected to the results page.
Now what I want here is that when the results page is being displayed the user should automatically be logged out of the system and should not be able to go back to the previous pages by pressing the browser's back button.
The problem which I am facing right now is that when the results page is displayed anyone can press the back button and continue the test and manipulate the result. How can I stop this. Need a detailed solution to it.
You will need to disable caching of the pages. When you press the back button, the browser will use the cached version of the page. If you disable caching, when the browser actions the back mechanism, it will determine that the page needs to be fetched again, processing the page with a state where the user is no longer logged in.
Store a session variable like currentQ that holds the ID of the latest question answered. If the user tries to answer a previously answered question, do not accept the answer and instead redirect him to the proper page.
This will also prevent him from using the Back button when he is in the middle of the examination.
You should store the logged-in user in a session or a cookie.
The results page should always check the cookie or session if the user is logged in.
If not the results page will display some feedback message.
The best way you can do is Either use a master page or place a user control on every page.
The MasterPage/UserControl should check for the current session(whether the user is logged in or not). If the Session is available then it should continue, else it should move to login screen. At the result page, you can clear the session value.
Now if a users press the Back button at Results Page, The Page( masterpage or usercontrol) willn't find the session and will redirect the page to Login page.
I hope this will help you.