In my Application ID I changed in security attributes -> Maximum Session Idle Time in Seconds as 900 seconds, but issue is if I am on same page number it gives me session timeout message.
I want session timeout on user's movement over the page or other tabs it should not be restricted because all my application work is in mostly one page.
Session timeout is managed by the web application server and it needs a request or form submission to tell him, hey I'm alive, dude please don't kill the session, so for that reason you need to create an ajax request to tell web server you are still there.
You can use this script to detect user inactivity
var IDLE_TIMEOUT = 60; //seconds
var _idleSecondsCounter = 0;
document.onclick = function() {
_idleSecondsCounter = 0;
};
document.onmousemove = function() {
_idleSecondsCounter = 0;
};
document.onkeypress = function() {
_idleSecondsCounter = 0;
};
window.setInterval(CheckIdleTime, 1000);
function CheckIdleTime() {
_idleSecondsCounter++;
var oPanel = document.getElementById("SecondsUntilExpire");
if (oPanel)
oPanel.innerHTML = (IDLE_TIMEOUT - _idleSecondsCounter) + "";
if (_idleSecondsCounter >= IDLE_TIMEOUT) {
alert("Time expired!");
document.location.href = "logout.html";
}
}
Check this post Detecting user inactivity over a browser - purely through javascript
Related
I configured Identity Server:
public void Configuration(IAppBuilder app)
{
var factory = new IdentityServerServiceFactory().UseInMemoryClients(new Client[] {
new Client()
{
ClientName = "MyClient",
ClientId = "MyClientId",
Enabled = true,
Flow = Flows.Implicit,
RedirectUris = new List<string> { "MyClientServer/callback" },
};
});
}
and client server:
public void Configuration(IAppBuilder app)
{
var cookieOptions = new CookieAuthenticationOptions();
cookieOptions.AuthenticationType = "Cookies";
app.UseCookieAuthentication(cookieOptions);
var authenticationOptions = new OpenIdConnectAuthenticationOptions() {
Authority = "https://MyIdentityServer/core",
ClientId = "MyClientId",
SignInAsAuthenticationType = "Cookies",
UseTokenLifetime = true,
RedirectUri = "MyClientServer/callback"
});
app.UseOpenIdConnectAuthentication(authenticationOptions);
}
When user login with "Remember Me" option Identity cookie has expired date:
idsvr.session expires 04 October ...
But client cookie does not:
.AspNet.Cookies at end of session
What should I do to set the same expiration date to client cookie?
UPDATE:
I can set any expiration date in client application:
authenticationOptions.Provider = new CookieAuthenticationProvider()
{
OnResponseSignIn = (context) =>
{
var isPersistent = context.Properties.IsPersistent;
if (isPersistent) // Always false
{
context.CookieOptions.Expires = DateTime.UtcNow.AddDays(30);
}
}
};
But I cannot determine when to set expiration date. It should be set only when user selects "Remember Me", but IsPersistent option always false on client side.
The problem exists on simple boilerplate project too:
https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html
UPDATE2:
I need client cookie to be persistent because of bug in Safari - https://openradar.appspot.com/14408523
Maybe some workaround exists, so I can pass expiration date in callback from Identity to Client?
UPDATE3:
Actually, our Identity and Client servers have same parent domain like app.server.local and id.server.local. Maybe I can pass expiration date via additional cookie that belongs to parent domain (.server.local)? But I have no idea where it can be written on Identity, and where it can be applied on Client.
A cookie issued by IdentityServer and a cookie issued by a client application are not linked in any way. IdentityServer does not have any control over cookies in a client application.
When you log in to IdentityServer, you are issued a cookie that tracks the authenticated user within IdentityServer. This saves the user from entering their credentials for every client application, facilitating single sign on.
By default this cookie lasts for that session (so it expires once the browser closes), otherwise if you set "remember me" it will last for a set number of days, across sessions.
A cookie in a client application would be issued upon successful verification of an identity token from IdentityServer. This cookie can have any expiration time, any policy, any name. It's completely controlled by the client application. In your case client cookie expiration can be set in the CookieAuthenticationOptions in your client application.
You need to handle the cookie auth events. The open id middleware just creates an auth cookie, so you can handle all aspects of this cookie from those events. You'll need to look at the events and with a little trial and error you should be able to manage the cookie lifetime.
You can do it at the java-script by using following code in here I have created this cookie to expires within 14 days.
var exdate = new Date();
exdate.setDate(exdate.getDate() + 14);
document.cookie = "yourcookie=" + yourCookieValue + ";expires=" + exdate.toUTCString() + ";";
I'm using autobahn-js (0.11.2) in a web browser and the crossbar message router (v17.2.1) in the backend.
In case of a network disconnect (e.g. due to poor network) the autobahn-js client can be configured to try to reconnect periodically.
Now in my web app powered by autobahn subscriptions to different WAMP topics are created session.subscribe('my.topic', myhandleevent) dynamically.
Is there a best practice on how to reregister all active subscriptions upon reconnect? Is that maybe configurable even?
I think resubscriptions are not configurable out-of-box. But onopen is fired after reconnect, so placing subscriptions initialization inside it, will do the thing:
var ses;
var onOpenFunctions = [];
function addOnOpenFunction(name) {
onOpenFunctions.push(name);
if (ses !== null) {
window[name]();
}
}
connection.onopen = function (session, details) {
ses = session;
for (var i = 0; i < onOpenFunctions.length; i++) {
window[onOpenFunctions[i]]();
}
};
Then if you want subscribe dynamically you have to do this:
function subscribeTopic() {
session.subscribe('my.topic', myhandleevent)
}
addOnOpenFunction('subscribeTopic');
I have a processing page and I want to run function process all via web service (add web reference into my C# window form app). My code below:
var context = new ModuleABCService.Screen() // limk web services: http://localhost:8686/soap/DMSBL009.asmx
{
CookieContainer = new CookieContainer(),
AllowAutoRedirect = true,
EnableDecompression = true,
Timeout = 60000
};
var loginResult = context.Login(string.Format("{0}#{1}", val.UserName, company), val.Password);
if (loginResult.Code != ErrorCode.OK)
{
throw new Exception(string.Format("Can not login {0}", company));
}
Content content = context.GetSchema();
context.Clear();
context.Submit(
new Command[]
{
content.Actions.ProcessAll
}
);
And I got an exception message:
System.Web.Services.Protocols.SoapExceptio:n Server was unable to process request. ---> PX.Data.PXUndefinedCompanyException: Unable determine proper company id for the request. at PX.Data.PXDatabaseProviderBase.getCompanyID(String tableName, companySetting& setting) in c:\Builders\4_10-2014_4_28-21_21_17-Full\Scripts\BuildTemp\NetTools\PX.Data\Database\Common\DbProviderBaseCompanies.cs:line 471...
Have you ever got this error before? Could you please give me any suggestion? Thank you so much!
Ok, I found out, because Acumatica's license
I am using phantomjs to print the webpage and create a pdf. As the UI needs the user's authentication before finding the data, I used persistent cookies to authenticate the user. But somehow I got login screen every time in the created PDF. I observed that the user authenticated successfully and also the result's webpage showing proper result (debug logs showing the proper data array) but while printing the web page or creating a PDF, it somehow gets the login screen. Sometimes I observed that I got two different cookies in my PHP code while getting the report data and in javascript 'document.cookies'.
Please let me know how can I fix this.
var page = require('webpage').create(),
system = require('system'), t, address;
page.settings.userName = 'myusername';
page.settings.password = 'mypassword';
if (system.args.length === 1) {
console.log('Usage: scrape.js ');
phantom.exit();
} else {
t = Date.now();
address = system.args[1];
page.open(address, function (status) {
if (status !== 'success') {
console.log('FAIL to load the address');
} else {
t = Date.now() - t;
var title = page.evaluate(function() { return document.title;})
console.log('Page title is ' + title);
console.log('Loading time ' + t + ' msec');
}
phantom.exit();
});
}
Another piece of code of sending a cookie file
bin/phantomjs --cookies-file=/tmp/cookies.txt --disk-cache=yes --ignore-ssl-errors=yes /phantomjs/pdf.js 'username' 'params' '/tmp/phantomjs_file' /tmp/phantom_pdf.pdf
And
phantomjs --cookies-file=cookies.txt examples/rasterize.js localhost:7000/reports /tmp/report.pdf
I'd like to retrieve and parse multiple html pages within a Chrome extension.
Using Web Workers for each request seemed like a simple way to make them execute in parallel. Is that possible? My attempt failed, perhaps because it's a known permissions bug.
As a workaround, I guess I could have the main extension page do multiple asynchronous XmlHttpRequests, then have the callback send the result page to Web Workers for parallel parsing. But that method raises the question of how many asynchronous parallel requests can Chrome make at once? That question has been asked here, without answer.
The Chrome Extension I'm writing is a Browser Action.
Code for the worker:
// Triggered by postMessage in the page
onmessage = function (evt) {
var message = evt.data;
postMessage(message.count + " started");
update(message.count, message.url);
};
// parse the results page
function parseResponse(count, url, resp) {
var msg = count.toString() + " received response ";
postMessage(msg);
}
// read the Buganizer URL and parse the result page
var update = function(count, url) {
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
parseResponse(count, url, xhr.responseText);
}
}
xhr.onerror = function(error) {
var msg = "!>: " + count + ": error ";
postMessage(msg);
}
var url = "http://www.hotgrog.com"; // for testing (manifest has permissions for this url)
xhr.open("GET", url, true);
xhr.send();
postMessage(url);
}
Have you looked into trying asynchronous-loaders such as RequireJS or Curl?
Take a look at the authors explanation as to WHY we should use his product.