While logged in, when session expires and try to access a page that requires a user logged in, Joomla redirected automatically to login form.
How can I modify that redirect to establish that I want?
Create a custom redirect in Joomla! back-end Components->Redirects
Related
I am using AD B2C custom policies with my own custom UI. For some purpose I'm adding some cookies. As the UI runs under B2C domain (eg: tenant.b2clogin.com) these custom cookies are created under this domain.I need to found a way to remove these customised cookies when we do the B2C logout. I know the B2C has a way to redirect to a logout URL, but, I'm not sure it will work because this URL is out of the B2C domain when the cookies are created. Do you have a suggestion about how to customise the logout to remove these custom cookies placed under B2C domain?
Currently we can not customize the sign out UI directly by using custom page layouts.
When you logout from your web app you should redirect to B2C's logout endpoint as described in the document.
When you want to sign the user out of the application, it isn't enough
to clear the application's cookies or otherwise end the session with
the user. Redirect the user to Azure AD B2C to sign out. If you fail
to do so, the user might be able to reauthenticate to your application
without entering their credentials again.
The logout endpoint can receive an optional post_logout_redirect_uri parameter in the query string, where you can specify another URL where your user will be finally redirected by B2C. That can be the address of any resource, e.g. you homepage or your own page showing a "You successfully logged out of our service" message to the user.
post_logout_redirect_uri - The URL that the user should be redirected
to after successful sign out. If it isn't included, Azure AD B2C shows
the user a generic message.
I have my API set up using SessionAuthentication. Once a user logs in, I redirect them to their profile page in React. Once they are redirected to their profile page, I want to make a REST call to retrieve their profile data and insert it in the proper location on the page. I see a couple ways I can do this:
When a user logs in, put their User ID into the Response object (DRF) and then store that in the client somewhere (Redux store, session storage, or local storage). Then when they are redirected to the login page, make a REST call to /users/users_id.
With Django sessions the logged in user is automatically tied to each request. So do I even need to follow Rest here? I can make a call to /users, and if the user is authenticated, return their data.
I would appreciate any help with this. Thank you.
With SessionAuthentication, after a successful login, the browser saves a sessionId cookie for that domain (or ip:port) automatically. Sending a request will send that cookie from the same domain no matter with Django or React, and authenticate the user, making your request.user a user.
You can check for the cookie when you inspect the page -> Application -> Cookies -> Your domain -> sessionId
Basically, you can login via Django and it will login you with React as well. No need to store anything manually. Just use the same domain for both.
I'm using ember-simple-auth for my Ember app, but I don't have an API endpoint to authenticate users, rather it does a page redirect to the form and signs a user in, then redirects back to my app. (I don't own the authentication)
After authentication, it gets redirected back to me, so I know on the server side when a user has been successfully authenticated. How do I manually authenticate the users' session when they are redirected back to my app?
Currently I did a hack to write two cookies: ember_simple_auth:access_token and ember_simple_auth:authenticator.
I think setting up the session store manually is an ok solution in this scenario as that will trigger the session to be restored after the redirect (which is on startup of the Ember application). I'd maybe configure a custom authenticator that redirects to the external login page in the authenticate method. That way you have that redirect centralized and it will also be triggered automatically whenever Ember Simple Auth automatically enforces session authentication (e.g. from the AuthenticatedRouteMixin).
I have a domain domain1.com. The user logs in and a cookie is set. This is done using Django sessions.
I then go to another domain domain2.com. This domain runs javascript. From this javascript, I want to see if the user is logged into domain1.com.
Is this possible? Can I see a cookie belonging to domain1 from domain2? Or can I somehow via ajax make a call domain1 to check if the user is logged in?
Also, the user might originally have logged into domain1 from Chrome, but now they are accessing domain2 from another browser. Aren't cookies browser specific?
EDIT:
The real problem I am trying to solve? (re comment below): I have created a Chrome extension. When the user presses the extension icon from domain2, a javascript is run, which collects information from the page. This information needs to be sent to the user's account on domain1. Note that domain2 can be ANY domain, not one that I have created.
What I tried with AJAX and cookies.
set cookie from domain1:
response.set_cookie("user_cookie", value="somevalue", max_age=60*60, expires=None, path='/', domain=None, secure=None, httponly=False)
Create Python function, which is executed from domain1.com/checklogin:
#csrf_exempt
def is_logged_in(request):
cookie = request.COOKIES.get('user_cookie')
if cookie is not None:
return HttpResponse("1")
else:
return HttpResponse("0")
Go to domain1.com/checklogin -> The response is "1"
Call javascript from domain2 as follows:
var xmlHttp_1=new XMLHttpRequest();
xmlHttp_1.open("POST","http://domain1.com/checklogin/",false);
xmlHttp_1.send();
alert(xmlHttp_1.responseText);
The response here is, incorrectly, 0. It does not see the cookie created by domain1.
Note that domain1 is, at this point, localhost and domain2 is a real domain. Could this be the issue? It does properly call the function.
Is this possible? Can I see a cookie belonging to domain1 from
domain2?
No. Cookies are restricted to domains (and their subdomains). A cookie for .foo.com is accessible to www.foo.com, zoo.foo.com but not bar.com.
Or can I somehow via ajax make a call domain1 to check if the user is
logged in?
This is one way, yes and it will work.
Also, the user might originally have logged into domain1 from Chrome,
but now they are accessing domain2 from another browser. Aren't
cookies browser specific?
Yes, they are. If you are logged into Chrome, and you open Safari, you won't be logged in.
cookies are domain specific, you may share cookies between foo.example.com and bar.example.com but not between two domains. For work around, you need to send ajax request from domain two to domain one and check there if cookie as set and send response back to domain two.
Check this So question for reference:
Setting default cookie domain for Django site with multiple domain names
I am using nginx as a proxy server listening to some service running at localhost. But before I want proxy_pass to happen, the user should be authenticated by a cookie or a login prompt.
How to go about this?
You should have some rewrite rule that redirects the user to the login page if they don't have the login cookie. The login page will then set the correct cookie and redirect the user back to the correct page (if the user passes the authentication test). Maybe something like this:
location / {
if ($cookie_login_token = "") {
rewrite .* /login-page break;
}
}
Then your login page should set the cookie "login_token" with some value. Although that set up is pretty easy to circumvent if the user knows what cookie you're listening too (for example by watching some other user log in), so I suggest also doing stronger testing on the real server.