All about client side invalidate session example.
| ===== | |
| aku gak tahu pastinya. tapi algoritmanya kira2 begini. ketika kita diarahkan ke url halaman itu, | |
| halaman akan menggenerate kode token yg disertakan di tiap tautan sebagai parameter url yg dienkripsi dan | |
| disimpan sebagai sesi, nah ketika kita klik tombol, parameter tersebut dikirimkan dan dicocokkan dengan sesi yg tersimpan. | |
| jadi mirip dengan login dengan captcha, bedanya kalo captcha harus diinput manual, kalo ini disertakan dalam parameter url. | |
| sekali lagi ini analisaku. yg sebenarnya aku kurang tahu | |
| ====================== | |
| index.php | |
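<html>
<?php
// Demo page: starts a session under a random, per-request session name and,
// when the page unloads, opens a small popup that asks hapus_sesi.php to
// destroy that session.
//
// NOTE(review): an onunload popup is best effort only. Popup blockers, a
// browser crash or a lost connection all skip it, so the session must also
// expire on the server (idle timeout / session garbage collection).
session_cache_limiter('no-cache');

/**
 * Build a random session (cookie) name: "s" followed by 10 hex digits.
 *
 * mt_rand() is not a cryptographic generator. That is tolerable here only
 * because the session *name* is not the secret; the session id is.
 *
 * @return string
 */
function randSessName()
{
    $str = "s";
    for ($i = 0; $i < 10; $i++) {
        $str .= dechex(mt_rand(0, 15));
    }
    return $str;
}

session_name(randSessName());
session_start();
// Quoted key: a bare word here is an undefined constant, not a string.
$_SESSION['contoh'] = "blablabla";
session_write_close();
?>
<body onUnLoad="open('hapus_sesi.php?id=<?php echo htmlspecialchars(session_name(), ENT_QUOTES); ?>', 'tutup', 'toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no, resizable=no,copyhistory=yes,width=50,height=50,left=100,top=100,screenX=50, screenY=50')">
Ini adalah halaman index. Silakan untuk melakukan pengecekan file-file sesi pada <?php /* demo only: this prints a server filesystem path to the visitor */ echo htmlspecialchars(session_save_path(), ENT_QUOTES); ?>. Setelah browser ini ditutup, silakan cek lagi folder tersebut.
</body>
</html>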
| sesi.inc.php | |
| <? | |
/**
 * Empty the current session, expire its cookie and destroy its storage.
 *
 * The cookie is expired under exactly the name passed in, so the caller is
 * responsible for passing a validated session name: an attacker-chosen value
 * here would expire an arbitrary cookie of this site.
 *
 * @param string $sessName Name of the session cookie to expire.
 * @return void
 */
function _delete_session($sessName)
{
    // Drop everything held in the in-memory session array first.
    $_SESSION = array();

    $cookiesInUse = ini_get("session.use_cookies");
    if ($cookiesInUse) {
        // Re-send the cookie with the attributes it was issued with, but
        // empty and dated in the past, so the browser discards it.
        $cookie = session_get_cookie_params();
        $pastTimestamp = time() - 42000;
        setcookie(
            $sessName,
            '',
            $pastTimestamp,
            $cookie["path"],
            $cookie["domain"],
            $cookie["secure"],
            $cookie["httponly"]
        );
    }

    // Finally remove the server-side session data.
    session_destroy();
}
| ?> | |
| hapus_sesi.php | |
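<?php
// Destroys the session whose name arrives in ?id= (index.php's unload popup
// sends it) and then closes the popup.

// _delete_session() lives in sesi.inc.php; without this include the call
// below is a fatal error. Assumes both files sit in the same directory.
require_once 'sesi.inc.php';

// The id is untrusted request input that ends up as a session name and as a
// cookie name. Accept only the shape index.php's randSessName() generates
// ("s" + 10 hex digits); otherwise any link to this page could name and
// expire an arbitrary session cookie of the visitor.
$id = isset($_GET['id']) ? $_GET['id'] : '';
if (!is_string($id) || !preg_match('/\As[0-9a-f]{10}\z/', $id)) {
    header('HTTP/1.1 400 Bad Request');
    exit('Parameter id tidak valid');
}

// NOTE(review): this is still a state-changing GET request; consider POST
// plus a per-session token if this is ever used outside a demo.
session_name($id);
session_start();
_delete_session($id);
?>
Sesi sudah dihapus
<script language="javascript">
// Pass a function, not a string: string timers are evaluated like eval().
setInterval(function () { window.close(); }, 100);
</script>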
| =============================================================================================================== | |
| http://stackoverflow.com/questions/25207816/there-is-no-action-mapped-for-namespace-and-action-name-associated-with-c | |
| http://stackoverflow.com/questions/8991597/struts-hello-world-example-there-is-no-action-mapped-for-namespace-and-act | |
| https://www.mkyong.com/struts2/there-is-no-action-mapped-for-namespace-and-action-name-youractionname/ | |
| ================ prevent open another tab ====== | |
| Sure. | |
| Here is a way to do it: | |
| Create a cookie in $(document).ready, after first checking whether it already exists; say the cookie name is 'pg_loaded' and its value is 'true'. | |
| The important part is this check: in $(document).ready(function() ...), if the cookie already exists, redirect the user to another page (e.g. NoserviceProvide.html) using window.location.href. | |
| Otherwise the page is being loaded for the first time, so create the cookie as explained in step 1. | |
| Be sure to remove the cookie in the page's unload event. | |
| However, using cookies is not foolproof, because the user can edit (tamper with) them using browser tools. It also will not stop the user from opening multiple tabs; it only lets your app run in a single tab. | |
| Or, for simplicity, use window.open() with the required settings. But it can't guarantee that the user won't open another tab. | |
| Hope it helps. cheers :)! |
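// State shared with the unload handler: whether the pointer was last seen
// leaving the document, and the page Y coordinate at that moment.
var mouseOutOfView;
var mouseYPosition;

/**
 * Track whether the pointer has left the document.
 *
 * This feeds a "was the window closed?" guess made at unload time. It is a
 * heuristic, not a reliable signal, so session expiry must still be enforced
 * on the server.
 */
jQuery(window).mouseout(function (e) {
  const evt = e || window.event;
  const relTarg = evt.relatedTarget || evt.toElement;

  // The related target can be null when the pointer leaves the window.
  // Dereferencing it unguarded threw a TypeError and left the state stale,
  // so null is treated like the root element: the pointer is out of view.
  if (relTarg && relTarg.nodeName !== 'HTML') {
    mouseOutOfView = false;
    return;
  }

  mouseYPosition = evt.pageY;
  mouseOutOfView = true;
});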
/**
 * On unload, guess whether the window is being closed and, if so, expire the
 * Liferay session.
 *
 * NOTE(review): browsers may suppress alert() during unload and may drop
 * requests started there, so this is best effort only; keep a server-side
 * idle timeout as the real control.
 */
jQuery(window).unload(function (e) {
  const evt = e || window.event;

  // Firefox heuristic: a collapsed window, or a pointer that was last seen
  // leaving the page with a negative (non-zero) Y coordinate.
  const windowCollapsed = window.innerWidth != null && window.innerWidth <= 0;
  const leftThroughTop =
    mouseYPosition != null &&
    mouseOutOfView &&
    mouseYPosition <= 0 &&
    mouseYPosition;
  if (windowCollapsed || leftThroughTop) {
    alert("killing FF session...");
    killLiferaySession();
    return;
  }

  // IE heuristic: the event was raised at or above the top of the client area.
  const raisedAboveClientArea =
    evt != null && evt.clientY != null && evt.clientY <= 0;
  if (raisedAboveClientArea) {
    alert("killing IE session...");
    killLiferaySession();
  }
});
/**
 * Fire a request at Liferay's session-expire URL.
 *
 * No success or error handler is attached, so a failed request goes
 * unnoticed. NOTE(review): `_sessionUrls` is underscore-prefixed, so it looks
 * like an internal Liferay property; confirm it exists in the target version.
 */
function killLiferaySession() {
  const { expire } = Liferay.Session._sessionUrls;
  jQuery.ajax({ url: expire });
}
// trial 1: the simplest variant, a single-window guard built on window.name.
//
// NOTE(review): window.name is plain client-side state that other pages
// sharing this window can set, and the user can change it from the console.
// Treat this as a usability guard, never as an access control; the server
// still has to authenticate and expire sessions itself.

// --- public pages ---
switch (window.name) {
  case 'default':
    // This window was already tagged by an earlier page load: close it.
    window.close();
    break;
  case '':
  case 'invalidAccess':
    // Fresh window, or one returning from the forced logout: tag it.
    window.name = 'default';
    break;
}

// --- authenticated pages ---
if (window.name !== 'default') {
  // Untagged window: flag it and send it to the logout page.
  // NOTE(review): the logout URL is hard-coded to plain http on a private
  // address; a relative, https-served URL would be safer to ship.
  window.name = 'invalidAccess';
  window.location.href = 'http://192.168.10.11:8080/ib-bag/bankinglogout.html'; // logout URL
}
/*
 * autoLogoff.js
 *
 * Flag read by the onbeforeunload handler installed in wireUpEvents().
 * Every valid in-app navigation (form submit, click on a link) should set
 * it to true.
 *
 * If it is still false when the page unloads, the page tries to invalidate
 * the session via an AJAX call. That call is best effort only; the server
 * must still expire idle sessions on its own.
 */
var validNavigation = false;
/*
 * Ask the server to invalidate the session by requesting the session-ending
 * URL (the /endSession servlet in the original setup). The response is
 * ignored and no error handler is attached.
 *
 * NOTE(review): this is a state-changing GET; if the endpoint has no
 * protection against cross-site requests, any page can log the user out.
 */
function endSession() {
  const endSessionUrl = "<whatever url will end your session>";
  $.get(endSessionUrl);
}
/**
 * Install the auto-logoff hooks: end the session on unload unless the unload
 * was caused by a link click or a form submit.
 *
 * Only links and forms present when this runs are covered; elements added
 * later get no handler.
 */
function wireUpEvents() {
  // Shared handler: the user is navigating inside the application.
  const markValidNavigation = function () {
    validNavigation = true;
  };

  /*
   * For a list of events that trigger onbeforeunload on IE
   * check http://msdn.microsoft.com/en-us/library/ms536907(VS.85).aspx
   */
  window.onbeforeunload = function () {
    if (validNavigation) {
      return;
    }
    endSession();
  };

  // Link clicks and form submits count as valid navigation.
  $("a").bind("click", markValidNavigation);
  $("form").bind("submit", markValidNavigation);
}
// Install the auto-logoff hooks once the DOM tree has been built.
$(document).ready(() => {
  wireUpEvents();
});
/**
 * Sources:
 * http://stackoverflow.com/questions/1921941/close-kill-the-session-when-the-browser-or-tab-is-closed
 * http://eureka.ykyuen.info/2011/02/22/jquery-javascript-capture-the-browser-or-tab-closed-event/
 */
// Set to true by the handlers in wireUpEvents() when the user navigates
// inside the application; while it is false, an unload ends the session.
var validNavigation = false;
/**
 * Called when the browser or browser tab is closed: requests the logout page
 * so the server ends the session. The response is ignored.
 *
 * NOTE(review): the URL is hard-coded to plain http on a private address.
 * If the application is served from another origin this request is
 * cross-origin, and a request started during unload may never be sent.
 * Keep a server-side idle timeout as the real control.
 */
function endSession() {
  const logoutUrl = 'http://192.168.0.100:8080/ib-bag/bankinglogout.html';
  $.get(logoutUrl);
}
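/**
 * Install the auto-logoff hooks: end the session when the page unloads (or,
 * on narrow screens, loses focus) unless the user is navigating inside the
 * application.
 *
 * This is a best-effort client-side convenience. Anything here can be
 * bypassed or simply never run, so the server must still expire idle
 * sessions itself.
 */
function wireUpEvents() {
  // A link click or form submit is a legitimate navigation: mark it and drop
  // the unload hook.
  // NOTE(review): this also fires for links that do not leave the page, and
  // from then on the unload hook stays disabled for this page.
  function allowNavigation() {
    validNavigation = true;
    window.onbeforeunload = null;
  }

  window.onbeforeunload = function () {
    if (!validNavigation) {
      endSession();
    }
    // Returning a string makes some browsers show a "leave page?" prompt.
    return "";
  };

  // Mobile: a narrow viewport is treated as a phone, where losing focus is
  // taken as leaving the app. Skipped on desktop so a blur does not log out.
  var isMobile = window.matchMedia("only screen and (max-width: 760px)");
  if (isMobile.matches) {
    window.onblur = function () {
      if (!validNavigation) {
        endSession();
      }
    };
  }

  // F5 reload counts as valid navigation. Two fixes over the original:
  // $('document') selects <document> elements (there are none), so the
  // handler was never attached; and on keypress code 116 is the letter "t",
  // while F5 is only reported on keydown.
  $(document).bind('keydown', function (e) {
    if (e.key === 'F5' || e.keyCode === 116) {
      validNavigation = true;
    }
  });

  // Links, forms and submit buttons present at this point.
  $("a").bind("click", allowNavigation);
  $("form").bind("submit", allowNavigation);
  $("input[type=submit]").bind("click", allowNavigation);
}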
// Install the auto-logoff hooks once the DOM tree has been built.
$(document).ready(() => {
  wireUpEvents();
});