I have an app running and this seems to be fine unless a specific process happens in mobile. When leaving the app on the dashboard for some time and going back after the session time has laps. I log back in to the app then clicking on the link in my plugin that is using the banno-plugin-framework-bridge deeplink the page is asking for authentication even though the app already asked for login for the app. I am not saving anything in session just authenticating. The only way I have found to resolve is to leave the dashboard screen and come back and click the link.
This does not happen in desktop so this has been harder to solve. I tried adding logs but because it is redirecting to the login for authentication I am not able to render a reason for it to need to authenticate again. When I tried in desktop to see if there was a session that I can target I am not seeing anything come back with javascript call "document.cookie"
Issue: appears to be that banno framework is "remembering" the urls. This is happening in a mobile browser when the user does not close the tab or browser. When the user opens the page, banno is remembering the url from last time and trying to load the same url.
What needs to happen is that banno needs to fully reload the page so that we can go retrieve a new url and log the user in again.
Could it be how they treat plugins when a browser is left open. A url that is loaded is not good forever.
Odds are good that the situation you're encountering is described in https://stackoverflow.com/a/71267143/6680761
Essential info from that link is:
Part of keeping state of the page is keeping authentication data. The OAuth flow used to initially authenticate the user is not intended to be used on every page refresh. It's expected that the embedded web application will keep its own authentication state. How this is done is usually very specific to the language and platform used for the embedded web application. However all strategies almost exclusively use a cookie which is destroyed when the application closes.
The Oauth callback URL with an authentication code should be redirected away from once the code is exchanged for an access token. From that point forward your app should be using its own authentication mechanism.
I'm trying to utilize the localStorage in a chrome browser to implement a login feature using Angular. I'm using this resource as reference: http://jasonwatmore.com/post/2016/08/16/angular-2-jwt-authentication-example-tutorial.
The problem is when I save a variable in localStorage using
localStorage.setItem('currentUser', JSON.stringify({ username: username, token: token }));
the app passes authentication and redirects to a welcome screen. However, in the chrome dev tools->application->Local Storage->http://localhost the variable appears and then disappears in about a second. I verify that it is no longer saved becuase trying to refresh redirects me back to the login page.
Why would the localStorage be clearing my data when nowhere in my code do I call localStorage.clear?
I even downloaded Jason Watmore's github project from the link above and when running that application I get the same problem.
To reproduce:
run app in chrome
login using the given credentials
view localstorage from chrome dev tools
refresh page and it will ask to login again
EDIT :
It appears to be working now and I have no idea why. What I did was restart my computer, and consequently the my servers as well and now the variable remains in localStorage as expected. If anyone could shed some light on what was going on under the hood I would be grateful.
Please I developed my mobile app and is primarily using localStorage for storing account info and some other info. The app has mobile and browser version.
For the browser version, I expect a user that is logged in to not be redirected to an auth page on browser restart. This works fine as my info are stored in localStorage. On the other hand, my mobile doesn't. User have to log in whenever he restart the app.
Please what option do I have? What option do developers use for the mobile storage? Do I have to use database? If so which one should use and where can I find a better documentation on this topic?
Note: I am using Cordova for my mobile app development framework.
For some reason, localStorage is tied to browser history. Some mobile browsers have an option to erase browser history on exit. If that box has a checkmark in it, then localStorage gets purged along with browser history everytime the browser is closed! So, you can ask the user to go into Settings and uncheck that box. Note: localStorage is not supported by older IE browsers, Opera Mini, and some Blackberry devices.
If cookies are enabled, you could use a one-time cookie code to log the user in automatically, but that cookie must expire after first use. Once the user is logged in, the server must issue a new cookie code to the client. And the client can use that new cookie to log in once again or keep alive the session. Using the same cookie twice should not work for security reasons. And the server must make sure never to issue the same code to two different users!
I remember, about 10 yrs ago, I went online to check my emails, and immediately the site had me logged into another user's account! I could have read that person's private emails and stuff, but I decided not to. I reported the incident to the admin. The problem was probably their server issued a random quick-login access code to me, and another user somehow got the same access code that I got. And when I opened the website, it thought that I was that other person. If your site deals with money and credit cards, you should avoid this technique! Any kind of auto login is a bad idea for a bank!
There is a plug-in to store data in an SQLite database using Cordova in this link
. You can find more details about storage with Cordova in the doc.
Save your data by using the following:
localStorage.setItem("variable", value);
Retrieve it from localstorage by using the following:
localStorage.getItem("variable");
It is as simple as it is.
Reference here.
I am new to Magento and I have just setup Magento 1.8.1 with the sample data. I was going through the user guide of Magento CE 1.8.1 and came to know that Cookie restriction mode should be set to Yes because of European Union Privacy and Electronic Communications Directive and its amendment. But i am facing a issue now which I am unable to resolve. After changing the settings to Yes, I refreshed my site and I got the Allow Cookie Alert Box. I clicked Allow and I was directed to the Enable Cookies page. I again clicked allow on that page and was directed back to the same page as if it just refreshed. I am embedding screenshots for clear understanding:
the first one is the home page and the second one is the enable cookie page.
Few changes what I did was, I changed System -> Config -> General -> Web -> use http only to No. I did this because I was getting errorless Login page when I was trying to login on the backend in Google chrome and this was one of the solutions available on stack overflow. But I reverted this back to yes when I came to know that this makes the site vulnerable to attacks. That's why I did some changes in the varien.php file as described in the second solution of Why I can not login to magento backend using google chrome by a user named AKT. Also, I had set the Cookie Restriction Mode to YES. Does anyone have a solution to this? This is only happening in Google Chrome.