I'm trying to close the browser tab when user clicks on logout button or session expires but i am not able to close the tab
I have tried using the below solution but its not working.
ScriptManager.RegisterStartupScript(this, this.GetType(), "Close_Window", "window.close();", true);
When using the above code I'm getting console warning in the browser.
"Scripts may close only the windows that were opened by it."
Any help will be appreciated.
I would recommend that the logout action and expiring session will redirect you to a different page of your preference (e.g. Home page, Login Page, etc). Which you will normally encounter from other websites like social media sites.
Using window.close for certain browsers are considered risky just like how you received the warning message, because the window/tab was not opened (initiated) by the script themselves.
There are probably some workarounds that you can find, but that will still depend per browser, and the hack might differ among them. So I would not suggest this. But still you can find some details about this here in a SO question.
Related
I'm facing issue because of Browser's cache in We Application.
On LogoutButton Click I clear the Session and Cache in the following way.
Session.Clear();
Session.RemoveAll();
Session.Abandon();
// Code disables caching by browser.
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
Response.Redirect("LoginPage.aspx", false);
and I'm disabling the Back Button also.
But If I access the History, User is able to get access to all the pages even after LogOut also.
In the latest Version of FireFox I have observed that It does not allow for Back Button, But When U long press the Back Button Firefox shows You the History means Previous Pages and When User clicks on it , It says some try again message and When User clicks on Try Again Message, then User is redirected to the given Pages and On Web Application It shows the Name of Old User name, for which I have just logged out recently.
In Google Chrome also I'm facing the same Issue.
One More thing I have observed that, in FireFox When User clicks Try Again. It hits the Login_ButtonClick Method of Login Page and Submits the credentials and that is why User is able to log in.
So I have come to this point and I have to find out some way so that browser does not cache my web application page because I'm not using Caching in application and performance is not a concern for me.
Or If I can do this in some other way, please let me know.
If this is for authentication, stop rolling your own and use Forms Authentication.
If you're going to continue rolling your own, then set a value in your session for "session token", just use Guid.NewGuid(). Set a cookie to this same value. On the logout code, set the session token value (in the session) to null.
Every single page request, compare the cookie value to the session value. If they are ever different, log the user out automatically, and send a cookie to blank out the cookie value as well.
I do not think it is possible to achieve what you're looking to do, this history in the browser is actually a cached version of the content your server sent to the browser. At best you can tell the browser to request content that's not cached on the server with the headers pragma: no-cache, but it is not bound to honor it by any means
Try adding tags to the HTML to prevent caching as well. Sometimes it works, sometimes it won't. I've had to use a combination of server and client side code to get a page not to cache (actually, refresh when the user hits the back button).
EDIT
Try adding these to your header in the HTML:
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />
Kind of brute force, I'll admit, but with some browsers you've got no choice but to use this approach.
No matter what headers you use some browsers seem to always cache!
I just came up with this solution that I myself was looking for. It was staring me in the face the whole time.
This does not stop the browser from caching the data, it only stops the stale data from being re-read from the cache after the page has been reloaded. You can still use those headers if the data is sensitive and never want it written to cache, but it will not work in ALL cases. In my application that is not necessary I want to only avoid loading stale data from the browsers cache.
this solution is AMAZINGLY simple and requires little expertise to implement .
I use php but I believe URL variables can be used with asp, javascript and much more
Your browser sees http://example.com/index.php , http://example.com/index.php?x=32 and http://example.com/index.php?x=3199 all as different URLs so it will not use any of the above URLs as a cache for the other.
I generate a random number in PHP which you can probably do in ASP
in php I use:
$rand=(rand(1, 99999));
Now my link in PHP (should be easy to understand even with limited PHP)
'<a href="http://example.com/index.php?rand='.$rand.'>"
If the page already has URL variables then we add it to any GET forms, or concatenated links.
If the Forms are post forms we tag it along the "action" URL, so
http://example.com/index.php
becomes
http://example.com/index.php?rand=<?php echo $rand;?>
Then any page I do not want cached I simply add this random number as a URL variable. That URL variable is not handled by the server at all , I never GET that number and do not need to.
http://example.com/index.php?rand=4398
next time we load the same page the browser believes it is a different page due to the different rand= URL variable.
No worries we never have to read it, it is only to "fool" the browser. The next timne we go to the same page we will most probably see a very different number
http://example.com/index.php?rand=55468
or as far as your browser is concerned, NOT the same page, even if we completely discard the variable back at the server , meaning it has no value in your ASP or PHP and never used as a variable.
The answer is now so simple I am surpries I spent weeks on this and nothing worked consistently. THIS DOES!
I am building this Website in ASP.NET that needs a Log in with Facebook button (and later with Google) integrated with it to create an account.
I have looked at some great sources like
http://www.aspdotnet-suresh.com/2012/04/aspnet-integrate-facebook-login.html
and
http://facebooksdk.net/docs/web/getting-started/
[1] However, those examples never deal with Masterpages and content placeholders. So when I am trying to integrate them in the content pages, I get errors because for instance the login button called
"fb:login-button scope="email" data-size="large" data-show-faces="false" data-auto-logout-link="true" onlogin="window.location='/Main.aspx'">
Log in with Facebook < fb:login-button>"
is not accepted without the html tag
html xmlns:fb="http://www.facebook.com/2008/fbml">
which I cannot place on a content page anyways.
[2] Also, I want the user to create an account using their Facebook login. The account is really meant to be used as an instance so that a parent can sign up multiple children for a Summer Program, so all I need the application to do is associate the Facebook login with a new/existing account on my application. Any tips on how to handle this would also be greatly appreciated.
[3] Lastly, after a user logs into facebook, I would like to see them redirected to another page. However, in the code-behind file for the page, I cannot use the Facebook attributes that were written in Javascript and since the Facebook button was not an element of the toolbox, I cannot create an event handler for that. Instead, I had to write
onlogin="window.location='/Main.aspx'
within the tags of the Facebook button. This is not ideal because that means everytime I click that Facebook button, it will redirect me to Main.aspx. Meaning that if I were logged into Facebook already, and ran the Web site, I would click on "Log out" and still access the Main.aspx page...
Hope there's someone out there that has been in the same situation... or can help me!
I have been researching this for 12 hours straight now and cannot get anywhere :(
I'm fairly new to web forms development, playing around with a project created using the ASP.NET Web Application template in VS 2010. After the user successfully logs in, I want the user redirected to a page I created. How do I modify my project to redirect the user after login? Any samples / tutorials / etc are greatly appreciated.
Thanks!
To simply redirect to a new page when your user has logged in, use the DestinationPageUrl property of your login control... assuming you're using the Login control that is.
If you need to do anything more advanced you can use the OnLoggedIn event handler for your Login control to perform a redirect manually, or add any code for event logging and such.
If you've rolled your own login control, and are just using things like text boxes and button controls, then in your Button_Click event, you can just use Response.Redirect("DestinationHere"); to take your users to a new page.
After you checked for login:
Response.Redirect("url");
I assume you're using ASP.NET Login control. There's a DestinationPageUrl property of that control that handles exactly that. If login was successfull user is redirected to URL provided in that property.
<asp:Login ID="Login1" runat="server" DestinationPageUrl="~/Admin/Default.aspx">
</asp:Login>
Go to Properties and Set DestinationPageUrl.
Server.Transfer( *url*) ?
(method on HttpServerUtility)
I know next to nothing about ASP.NET, but from my Java web developer daze, redirect is bad because it involves another network round trip to the browser and back when you really just want to continue processing in another page.
And Response.Redirect() really does issue a 302 response code ("try this other url instead") back to the browser. yuck. XP
Server.Transfer() looks like the java version of Response.Forward()
For Sharepoint farm solution development
Page.Response.Redirect("url");
The issue with Response.Redirect() is the 302. In some browsers (eg Chrome) this causes the new session cookie to be immediately invalidated.
In other words, using that method to redirect causes the user to no longer be logged in, so you did not accomplish your purpose!.
I'm interested in disallowing the following after logout:
-- no back button
-- no direct access to pages via URL - for example: if the user logs out then they should not be allowed to see a cached page using some URL (e.g., replacing the URL with a valid URL in the site http://mysite.com/Gotothispage.aspx)
I've seen similar questions like this one: How to disable the back button in browser when user logout in asp.net c#
I know that I can set no cache on the master page, but then I lose the ability to use the back button when the user is actually logged in. Am I correct in this understanding?
A page is either cacheable or it isn't, the browser has no idea if you are logged in or not. You can't somehow retrospectively expire objects already cached by the browser.
Then I lose the ability to use the
back button when the user is actually
logged in. Am I correct in this
understanding?
Not entirely - you'll have problems using the back button on pages that are submitted using POST, but not GET.
A simple example would be to imagine an ASP.NET page with a paged Gridview - the user clicks pages 1,2,3,4,5, etc to navigate the grid.
Using POST, every time the user clicks another page in the grid, it will cause a postback to the same page. A page expired error will appear if the user clicks back after doing this.
Using GET, every time the user clicks another page in the grid, it will redirect them to the same page using a querystring (ie, Grid.aspx?Page=2). In this case, the user can click back, and it will take them to the previous page without any problems.
Pages should already be disabled after logging out, if your security is setup correctly.
If you have a master page or basepage class specifically for users that are logged in, you should check if they have a sessionId that you set when they logged in.
If they don't, redirect them to another page.
Users may see a cached version of a page, but can't do anything to it.
In my basepage class for members, i check if they are logged in on the OnInit event:
protected override void OnInit(EventArgs e)
{
base.OnInit(e);
if (!IsLoggedIn)
{
Response.Redirect("default.aspx");
}
}
Edit:
What some sites do is..after you log the person off, they redirect you to a temporary purgatory page that says it is logging you off. This purgatory page will have caching turned off, and has a meta-refresh tag that takes you to your destination page.
So when the user clicks on the back button, it takes them to the purgatory page which then directs them right back to where they were.
Gmail does this, but sometimes it's so fast you can't tell.
I am devolping a web application.the problem is that i am using a login control (not a .NET control) which is a part of master page and is acessible from all pages. if user log In from a page the login control updates itself and displlay some statistics of logged In user but the specific page does not reload. (some options on page are visible only to authenticated users, so that after login, page should be reloaded to display such options)
after logIn methoed I wrote
Reponse.Redirect(Request.Url.AbsoluteUri)
after this the browser response the "Page cannot be displayed"
It would be of great help to me.
Many Thanks, Regards. AZHAR
From you description it is not clear what happens, but with high possibility you get infinite loop, when page is redirected to itself again and again.
Most obvious problem that you place redirect code in Page_Load,
as possible resolution:
Place Reponse.Redirect(Request.Url.AbsoluteUri) to OnLogin event of your login control
if you anyway want use Page_Load, at least add following check:
if(IsPostBack)
Reponse.Redirect(Request.Url.AbsoluteUri)
But last case is very bad style because may have lot of side effects.
Make sure your redirect is not causing a loop. Check Page.IsPostBack
Be aware that POST variables are lost during this operation.
Another thing that you should look at is the roles that you allow in the folder (in the web.config file in the folder).
I accidentally misspelt a role name and it kept redirecting my users to the login page.