PC SOFT

FORUMS PROFESSIONNELS
WINDEVWEBDEV et WINDEV Mobile

Accueil → WEBDEV 22 → [WebDev20] Navigation Web
[WebDev20] Navigation Web
Débuté par Jose, 20 avr. 2018 19:14 - 10 réponses
Membre enregistré
98 messages
Posté le 20 avril 2018 - 19:14
Hi my fellows developers

like the tittle said.

I have a program, this program have a login page, then I show another page and so on but if I copy the link of the second page afte login I can access, so then How it's a way possible to validate that?

is it a Function? or a propertie of the project? or a propertie of the page?


Thanks
Best Regards.
Jose
Membre enregistré
98 messages
Posté le 23 avril 2018 - 17:53
Hi

I mean I copy the URL then I close my session and open a new window then paste the URL and I can access even if I don't login.
How can I validate that when I'm not login then show the first page.

thanks
best regards
Jose
Membre enregistré
610 messages
Popularité : +3 (3 votes)
Posté le 27 avril 2018 - 15:09
Hello,
Is that a dynamique website or AWP Website ?

Anyway, the URL contains the current session ID. So if you copy this, in fact yes you'll be able to reach the page without the login process because the webserver will recognize you.

You'll have to wait for the session to be killed in the application server.

to avoid that you have few possibilities :
- Having a very short session duration time (settings in the webdev server) and add a browser timer (shorter than the session duration) in each pages that will keep your sessions alive. When you'll close the browser, the session will automatically close in XXX sec (duration setted up in the server settings)

- You can forbid IP changing during the same session, so that if someone copy paste the link with another IP it wont work (Can be usefull against sessions stealing hack)
Membre enregistré
98 messages
Posté le 03 mai 2018 - 21:59
Hi François C.

it's a dynamic Website

when you mean to put a timer on the browser of the page, Do you mean to put in on the close event of the page? or where?

thanks
Best Regards
Jose
Membre enregistré
98 messages
Posté le 03 mai 2018 - 23:04
Hi François C.

I see what do you mean with the setupt with the webdev server when I close the browser of my site and then paste the link in one page it tells me that the session was close and then on 3 seconds redirect to the first site

I see why you said to put a timer lower than the setup but where I put it? on the load browse? or the unload?

and I'm not sure about the IP is with this fuction?
https://help.windev.com/en-US/…

then How I get the first IP of the session of my site? is it on the link? then how I get it?

thanks
Best regards
Jose
Membre enregistré
98 messages
Posté le 04 mai 2018 - 16:22
Hi François C.

I see why you talk about that browser timer because the connection is lost and then everytime I want to do something it always get me to the first site but with the timer I create a procedure but how I can get the connection alive? I don't know about that...
I will search for that

Thanks
Best regards,
Jose
Membre enregistré
98 messages
Posté le 04 mai 2018 - 18:53
Hi François C.

Now I get it!

I send a message to the user that the site it will lose if connection if her or him doesn't do something, then if her or him click on a button it will be alive the session.

now my question is for the IP changing, I'm not sure about this.

Thanks
Best regards
Jose
Membre enregistré
610 messages
Popularité : +3 (3 votes)
Posté le 07 mai 2018 - 11:30
Hello,

About the timer, I'd put it on the OnLoad browser function, so that, when the page loads, it will start a timer that will send a request to server every XXX secondes / minutes (your choice).

Doing this will keep the session opened. When the user will close his browser, the timer won't execute anymore (since it's a browser function and that the page is closed), so the session will die by itselft after time time you defined in the webserver.

Eg : Timer every 5 minutes,
Server web settings "Disconnect users after : " 6 minutes

I'm french, so my settings are in french language so maybe the options are named in another way on the webserver ...

here is a screenshot of the settings :



Membre enregistré
98 messages
Posté le 07 mai 2018 - 17:01
Hi François C.

Thanks! I did that but I put a Cell on my page just to have some click event on my page and reset the timer of my page and the session will be alive for the webserver part.

now about the IP ok I will put that set up of the webserver, but it's going that for itself? or Do I need to do some code?

Thanks a lot
Best regards
Jose
Membre enregistré
610 messages
Popularité : +3 (3 votes)
Posté le 07 mai 2018 - 17:56
No code needed, you just need to tell the server that changing IP Adress during the session is not allowed.
Membre enregistré
98 messages
Posté le 07 mai 2018 - 19:05
Hi François C.

I will check that set up and I will let you know if everything works fine.

Thanks a lot for all of your help
Best Regards
Jose