Hi guys this is my first post.
I want to send authentication request from my site to server enabling session while redirecting to other page using HTML or PHP or any thing related.
so far i have set up a redirector on my server to my directory page on my site after login from server , but as soon as i login on my server it redirects to my page but sends me back from my site to server login page without any logs generated on my server
i was wondering if i could enable session from my web page using form and PHP
my server uses login.cgi
server is on HTTPS and site is on HTTP
hoping to get help really getting frustrated
Thank you
I think according to your question, you haven't added a session handler yet to your pages. you need to add something like following code to the page that you are redirecting after successfully log-in,
session_start();
if(!isset($_SESSION['LOGIN_USER'])){
header('location:../index.php');
}
In your Login Page, you need to add a session handler something like this,
session_start();
if(isset($_SESSION['LOGIN_USER']) && !empty($_SESSION['LOGIN_USER'])){
header('location:../members/members_area.php');
}
You can use Session Management concept of java, Please refer this link,
Session Management in Java
In java you have to maintain Session in this.
Related
I am seeking your expertise to know whether below is achievable.
I am trying to connect to an Webpage (not a login page) using Java HttpUrlConnection. Also i have passed credentials on Basic Authentication.
The connection is automatically redirected to login page with Response code 302.
I need to know if i can submit the credentials on the login page and again redirect to my actual page?
Yes. Login using HttpURLConnection is achievable.
However, you will need reverse engineer the specific details for the login protocol / sequence for each specific site in order to figure out how to make programmatic site login work.
This is generally not hard to do. You start by carefully examining the source of the pages and the requests that your browser makes when you login to the site.
I am developing a web application using Oracle ADF. In my web application user has to log in to access web application. Application is working fine. Now I need to enable a feature like once a user has logged In and due to some reasons he closed a tab not the browser. So whenever he try to access the same application he do not need to login again. Since browser has not closed the user has to be automatically logged in.
For this I googled a lot and got information that we can achieve this using browser cache and servlet filters. I got information from This Stackoverflow question. But I don't know how to implement Filters and all in Oracle ADF web application. Please help on this.
Thanks in advance.
If the user is closing ONLY the tab containing the application, but not the browser, the user doesn't need to login again - this is how authentication works with Java Servlet API and ADF is built on this API. This happens because all browser tabs share the same http session and JSESSIONID cookie is stored at session level.
You can try logging on, close the tab, open another tab and type in the url directly to your home page (.../faces/main.jsf). This should get you in without login required.
i want to login into an web-application and want to perform some search operation after login. I am using httpclient for this and i am able to login and fetching the data of that page but i didn't get anyway to perform post operation say searching of any user account after login. As it is asking for login again. Please provide any way or idea to do this?
When you login into a site the server usually sends you back a cookie containing your session id, or the jsessionid header. Try sending this jsessionid and its value back to the server in the post-login operation.
This may not work, because the server can force you to use cookies. This is just an idea of the scenario often found around there.
Its not httpclient, but there is a browser automatization framework called selenium.
look here for an explanation how to use cookies in java, using the java.net APIs http://www.hccp.org/java-net-cookie-how-to.html
I have had a scoping issue with a session cookie not being visible in the past. You "may" have the same issue.If you know the session cookie is being created after you have logged in successfully, try adding a call to setDomainMatchingStrict(false)
import com.meterware.httpunit.cookies.CookieProperties;
WebConversation wc = new WebConversation();
CookieProperties.setDomainMatchingStrict(false); // <- the important bit
I am working on small Java project to programmatically connect to a website with username/password, after login, browse to different links on the site to download some data. First, I need to connect to the website with username/password,
second, while I keep the session open, go to other links to download data.
How do I do this in Java?
Any help will be highly appreciated!
Check out the Apache HTTPClient, it can do all this for you.
Edit: Apache HTTPClient has authentication and cookie handling features included, which will save you a lot of work doing this yourself.
If you want to extract some data HtmlUnit can help you a lot it can manage the authentication and also help you with data extraction.
Investigate with your browser how the web page submits the username/pass data? HTTP Form POST, Ajax, etc..? Use a plugin like Firebug to see network traffic.
You can use URLConnection to create HTTP requests. You will neet to simulate a username/pass login and remember the cookie for use in consequent HTTP requests to simulate a session. Here are some examples: send HTTP POST request, get a cookie, send a cookie.
I am using GWT for my client side application. I am not using GWT/Java for the server. However, I am not sure how I can handle session management. The GWT application resides on one page, all server calls are done via AJAX. If a session expires on the server... let's assume the user didn't close the browser, but left the application open, how could my server notify the application that the session has expired and that the client side portion should show the login screen again?
What is meant by client side session management? That seems inherently insecure.
I'm not looking for code. I'm looking for ideas, techniques, potential solutions etc. I've considered Comet http://en.wikipedia.org/wiki/Comet_(programming), but that doesn't seem like that will work very well without using Java on the server side. Maybe, I'm wrong? I don't want to poll the server either.
Any thoughts or insight?
Without knowing how you're doing your RPC is working, its hard to give good advice.
If your AJAX service requires a user to be authenticated (IE have a valid session), it is ok to just send a 401 error saying that the user is invalid. Client-side can interpret the 401 error as a message that it should set the user up for re-authentication.
We handled this in our application, by detecting when the server sent back a redirect to the login screen (it would come through the response to the Ajax call), and popped up a dialog asking the user for their password again, but pre-filled their username. We then posted that to the same place the login page does, as if it was the login page, and so the user was logged into this new session automatically. Finally we just re-submitted the ajax call again, so it was a seamless process to the user (eg: they didn't have to click the action again).
Since we stored all the state on the client, and not in session variables we didn't have any problems trying to persist data across sessions.
What should happen if the session expired on the server-side, then the next time the client sends a request to the server, it will either create a new session, or, more likely, send back a message to the client that it is trying to access a page without a session, and send them to the login screen. However, you will still need to wait until the client sends a message to the server.