| |
Membro registado 503 mensagems |
|
Publicado em abril, 20 2018 - 7:14 PM |
Hi my fellows developers
like the tittle said.
I have a program, this program have a login page, then I show another page and so on but if I copy the link of the second page afte login I can access, so then How it's a way possible to validate that?
is it a Function? or a propertie of the project? or a propertie of the page?
Thanks Best Regards. Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em abril, 23 2018 - 5:53 PM |
Hi
I mean I copy the URL then I close my session and open a new window then paste the URL and I can access even if I don't login. How can I validate that when I'm not login then show the first page.
thanks best regards Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 1.638 mensagems |
|
Publicado em abril, 27 2018 - 3:09 PM |
Hello, Is that a dynamique website or AWP Website ?
Anyway, the URL contains the current session ID. So if you copy this, in fact yes you'll be able to reach the page without the login process because the webserver will recognize you.
You'll have to wait for the session to be killed in the application server.
to avoid that you have few possibilities : - Having a very short session duration time (settings in the webdev server) and add a browser timer (shorter than the session duration) in each pages that will keep your sessions alive. When you'll close the browser, the session will automatically close in XXX sec (duration setted up in the server settings)
- You can forbid IP changing during the same session, so that if someone copy paste the link with another IP it wont work (Can be usefull against sessions stealing hack) |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em maio, 03 2018 - 9:59 PM |
Hi François C.
it's a dynamic Website
when you mean to put a timer on the browser of the page, Do you mean to put in on the close event of the page? or where?
thanks Best Regards Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em maio, 03 2018 - 11:04 PM |
Hi François C.
I see what do you mean with the setupt with the webdev server when I close the browser of my site and then paste the link in one page it tells me that the session was close and then on 3 seconds redirect to the first site
I see why you said to put a timer lower than the setup but where I put it? on the load browse? or the unload?
and I'm not sure about the IP is with this fuction? https://help.windev.com/en-US/…
then How I get the first IP of the session of my site? is it on the link? then how I get it?
thanks Best regards Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em maio, 04 2018 - 4:22 PM |
Hi François C.
I see why you talk about that browser timer because the connection is lost and then everytime I want to do something it always get me to the first site but with the timer I create a procedure but how I can get the connection alive? I don't know about that... I will search for that
Thanks Best regards, Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em maio, 04 2018 - 6:53 PM |
Hi François C.
Now I get it!
I send a message to the user that the site it will lose if connection if her or him doesn't do something, then if her or him click on a button it will be alive the session.
now my question is for the IP changing, I'm not sure about this.
Thanks Best regards Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 1.638 mensagems |
|
Publicado em maio, 07 2018 - 11:30 AM |
Hello,
About the timer, I'd put it on the OnLoad browser function, so that, when the page loads, it will start a timer that will send a request to server every XXX secondes / minutes (your choice).
Doing this will keep the session opened. When the user will close his browser, the timer won't execute anymore (since it's a browser function and that the page is closed), so the session will die by itselft after time time you defined in the webserver.
Eg : Timer every 5 minutes, Server web settings "Disconnect users after : " 6 minutes
I'm french, so my settings are in french language so maybe the options are named in another way on the webserver ...
here is a screenshot of the settings :
|
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em maio, 07 2018 - 5:01 PM |
Hi François C.
Thanks! I did that but I put a Cell on my page just to have some click event on my page and reset the timer of my page and the session will be alive for the webserver part.
now about the IP ok I will put that set up of the webserver, but it's going that for itself? or Do I need to do some code?
Thanks a lot Best regards Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 1.638 mensagems |
|
Publicado em maio, 07 2018 - 5:56 PM |
No code needed, you just need to tell the server that changing IP Adress during the session is not allowed. |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em maio, 07 2018 - 7:05 PM |
Hi François C.
I will check that set up and I will let you know if everything works fine.
Thanks a lot for all of your help Best Regards Jose |
| |
| |
| | | |
|
| | |
| |
Membro registado 503 mensagems |
|
Publicado em julho, 27 2018 - 6:52 PM |
Hi François C.
Sorry for the late response I was doing other projects but OH MY GOD! you save my life it works perfectly!! Thank you! you save my life!
Thank you very much!
-- Best Regards Jose |
| |
| |
| | | |
|
| | |