Not 100% sure how to phrase the question but here is the problem:
I have a website serving documents which each have their own URL, for example:
www.app/doc/1
www.app/doc/2
The website allows users to edit the documents and save the changes. I want to put a lock in place so that only one user can edit a document at a time. So, if one client has www.app/doc/1 open then noone else should be able to open the same URL.
The web app is developed in Django. Any pointers on how to do this? I know some websites are able to pick up if you have a page open in another tab and force you to pick an active tab. What is the method that they use?
You can take a look at this, maybe this is what you're looking for:
Protect against concurrent modification-
of database entries
This also:
https://docs.djangoproject.com/en/1.11/ref/models/querysets/#select-for-update
Related
I am fairly new in web development and I decided to handle a user's availability to send a POST request to server. However, I do not know even whether it is possible or not but when a user close my Django site without using logout button (For example close the browser or tab), in order to understand the user is offline or online, I want to send a request to server. As a result, when the server does not get an answer from the user for a while, it automatically logout the user.
Can you tell me is it a good way to handle a user's availability and first of all is it a realistic solution? If it is, can you suggest me a document or example that helps me please.
I agree to to the answer of #Mounir. That's not related to django, if you want to know when a user is "disconnected"(close the tab or window) you need to use javascript, in concrete you need to use Sockets.
I recommend you this ones:
http://socket.io/
https://github.com/centrifugal/centrifugo
I'm using centrifugo for one project right now. In concrete, for chat and inbox messaging. It's very simple to make it run with Django.
Greetings
For logging out user you can use the Session expiration, but for all other staff you want to achieve I don't see any thin really related to Django itself, everything depend on your requirements and is more Browser/javascript related than Django.
I have a customize request from my client in sitecore mobile module.
I want to be on full view site from my mobile on Career page, i am able to do it but any of the link inside career page with having mobile layout in presentation detail is taking that page again to mobile device.
Can we make any customization that maintain the device in cookies so that it keep user on full view site after coming to career page.
Is there any setting we can do in pipeline or session. I just want to be throughout in full view site after coming on career page and no going back to mobile layout. Kindly suggest.
Yes, you can do exactly that. You'd need to update the rule to detect the various devices (which I'm guessing you already have). You can then create a custom condition to check if cookies have been set for the full site(does not need to be a cookie of course, but that'd be the easiest way).
You can find the existing Conditions and Actions here in the path /sitecore/system/Settings/Rules.
To create custom conditions and actions, please read the following article on SitecoreInsight.com
After creating your custom condition, go into your device item again and update the Rule there to only switch to that device when that cookie has not been set.
[edit]
Come to think about it, it might be possible to have your 'go to full site' link appended with a querystring sc_device={GUID of device}. I'm not sure what would take precedence here, the 51degrees rules or Sitecore's cookies... Worth a try though :-)
I'm looking to see some info about my facebook contacts, and I want the info to be overlayed on the currently open website.
Currently, I'm trying to do this via a bookmarklet.
Is it possible for me to overlay a div over the currently open web page and populate it with a functioning facebook login button (if the user is not logged in)? Are there publicly available working examples of something like this?
It is probably not possible to simply embed Facebook within an iframe because Facebook blocks people from embedding their pages within frames or iframes by putting this into the response header, "X-Frame-Options: DENY". This is most likely to prevent click-jacking and similar security exploits.
To test this, enter any page from Facebook into http://savanttools.com/testframe
Facebook has an API which allows you to do many things, but it requires server side code, and can not be done simply with a bookmarklet.
There is also always the brute force method where your server scrapes data from any website you want it to. Then that data could be put into a bookmarklet.
Finally, the same thing could be achieved by writing an add-on or a user script without using a bookmarklet at all.
Scenario:
I have an administration-application which manages the user accounts for another application. Now I would like to place an user-specific-link (e.g. Click here to login with user1) in the administration-application allowing the admin to directly log in with the user in a separate browser window or tab (target="_blank").
Problem:
When the admin clicks two or more links and opens two tabs with tab1=user1 and tab2=user2, the last clicked tab overwrites the session-variables of all other tabs. Sure... that's how sessions work, but I wonder if there is a way to let the admin manage multiple user interfaces with one session in multiple tabs? But I don't see a possibility to identify a specific tab in the browser so that I could say "in tab1 is user1 and in tab2 is user2 logged in ...
Question:
Has anyone done something similar and likes to share the basic idea of solving this?
EDIT:
One possible solution could be to add an parameter to the URL with the userid and hand it through to every page, right?
As your edit points out, the way to do this is with a url variable that specifies who the user should be.
There are a number of security issues with this approach tho.
I'm assuming that your initial link is doing some sort of security check to make sure that the initial "log in" of the user is an authorized request. You'll need to do a similar thing for this method. If your initial request is something like http://example.com/page.cfm?userid={id}&authtoken={encryptedtoken} I would then put that userid into the session scope as a valid userid that the admin can impersonate. The more links they click on the more users they can impersonate. On subsequent requests you check the requested userid against the allowed list in the session and either allow or deny the impersonation.
You'll also need to update all the links on the site so that they include the userid in them. The easier way to do this is to cheat and user jQuery or such to rewrite all internal urls with the userid appended. You would conditionally include that javascript based on the above check.
Lastly you'll likely want to prevent these urls that include the userid from appearing in search engines, if it's not a fully locked down site. You'll either need to use canonical urls to remove the userid, or set x-robots headers to tell search engines not to index the urls where the userid has been specified; or both.
That's the most primitive method of getting different "sessions" for multiple users in the same browser. However you'll then bump into issues if you're using the session scope for anything meaningful, because each tab will try overwriting the other. You'll need to overwrite the normal site session variables on each request, or you'll need to create different structures in the session scope for each userid that is used. How much of a problem this is depends on your application.
It's a do-able thing, but probably a lot more work then you were hoping for.
The other option is to get the admins to use Google Chrome with multiple profiles and copy and paste the login url into different profile windows. A slight inconvenience for them, but a lot less work for you.
i would like to know a good software engineering way to store user preferences in a web app.
to clarify further, my app has commands that the user can choose, so
i added a button that when some commands are selected, these commands are saved as favorites somewhere on the client's machine, that way if user X logs in at anytime he can check his favorite commands and load them automatically..
how to save these commands and where? and taking into consideration that several users using the same computer should not have access to each's favorites, so i want the favorite to be saved based on userID. where and how to save them? cookies? xml? and using php or javascript is better?
thx a lot for your help:)
The best way to do this is have them log in whenever accessing your site. Then you store all of the preferences on your server and deliver them down through your UI to their browser. This will mean that it doesn't matter what browser/device they happen to be using, their settings will follow them.
I'm not sure I like the idea of modifying someone's "favorites" in their browser. I'm not sure I'd stick with a site that wanted that level of control over my browser.
Now, if you are just talking about having a page on your site that had a list of "favorites", then that's okay. Just keep it server side.
Most typical would be to store them in a database of some sort on the server side, easily accessable by the UserID. Keep in mind 'preferences' are different from 'state'. State variables are usually stored via whatever cookie mechanism you are using.
What is your web app using to hold the data on the back-end? Most likely, that is where you will want to store user preferences. Since you will already be accessing that back-end (a database, perhaps?) to authenticate the user for login, retrieving that user's preferences is a simple step from there.
The real story here is that we need more details. Are you storing authentication information in a database, or something else? How are your user sessions stored (i.e., when a user logs in, how does your web app tell that his browser is logged in on subsequent requests)? Your question seems to state this, but to clarify, are these PHP pages containing some amount of Javascript?
Depends on your requirements. You will need to choose either to store user preferences in your database, provided your users authenticate, this is probably preferred solution. But if it meets your requirements you can save user preferences in a cookie.
Here is are javascript functions and jquery plugin with examples on how to work with cookies.