HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Include Other class.php in jsconnectAutoSignIn.

Hy guy's
Can you please tell me how can i include for example a different class in the "jsconnectAutoSignIn" so when the first user visit's the forum first to see wich user is logedin and if its the same user as in the jsConnect to do nothing and if its different from jsConnect to unsetCookie ?
Thank you very much in advance !

Comments

  • x00x00 MVP
    edited September 2013

    jsconnectAutoSignIn does not have a different user as jsConnect. Unless of course to are connecting via multiple sources, in which case jsconnectAutoSignIn always connects from the first. if you want them to be able to choose, then just use jsConnect.

    These plugin handle authentication.

    If they are first visit, then there shouldn't be another user. Also you generally want to avoid situation where you have users using multiple unlinked accounts.

    Whatever you need to do, it is a separate plugin.

    grep is your friend.

  • @x00 Thank you for answering so quickly.

    I know what "jsconnectAutoSignIn" does.. log's in the firs provider it work's like a charm i provide with jsConnect the user and the jsconnectAutoSignIn log's him in.

    My Vanilla instalation its embended in my Java(jboss +seam +JSF+primeFaces etc.) project, and i want to do a when a user visit the "forum" link in my website the "jsconnectAutoSignIn" to check the logedin user name(for example) and the user name form jsConnect if they are the same to do nothing, if they are different "unset ($_Cookie['Vanilla']);" (logout by distroing the cookie) and then the "jsconnectAutoSignIn" can loggin the user from jsConnect.

    The situation is: if the user signout of my website they are still logged in the vanilla ... and if a different user logg's in from the same computer without closing the broswer and want to go into the forum then the first user is still in.

    Thank you.

  • What you need to do is when your user logs out kill the vanilla session your end by deleting the cookie. If you are are on the same domain this is fairly easy, cross domain is still possible.

    Once someone is logged in neither of these pluignis are checking anything, that is purely down to vanillas session management.

    grep is your friend.

    bogdancristianUnderDog
  • this is my problem .... they are not on the same domain ... and i can not kill cookies from another domain, (Security prb.) i have try'ed to kill the cookie of vanilla every time i visit the forum, the vanilla cookie is killed and the auto log in log's again the user.. but that is not the solution, i want to put a condition when to kill the cookie session (vanilla).

    Can i do something in session management to compare the user in jsConnect with the logged in user ?

    thank you in advance!

  • x00x00 MVP
    edited September 2013

    jsConnect is about authentication, not session management.

    If you want to logout cross domain there are two solutions.

    1. pipe the redirects do that first redirects to vanilla sign out url then back to site.
    2. use a cross domain asymmetric method such as iframe

    All you have to do is load the page via the client it is not rocket science.

    grep is your friend.

    bogdancristianUnderDog
  • edited September 2013

    Ok i am sorry if i keep asking "neebee" questions but...


    how do i have to pipe the redirects do that first redirects to vanilla sign out url then back to site.

    Were to put the iframe and what that the iframe should have ?

    Thank you very much for trying to help me @x00

  • x00x00 MVP
    edited September 2013

    Because of the TransientKey security you can do it as follows

    First grap a copy of this, and load it off your server:
    https://raw.github.com/carlo/jquery-base64/master/jquery.base64.min.js

    Then run this script

    jQuery(document).ready(function($){
      //url to your forum sign out
      var signout_url = 'http://yoursite/yourforum/entry/signout';
      $.ajax({
        url: signout_url+'?DeliveryMethod=JSON',
        dataType: 'jsonp',
        success:function(response){
          var key = $($.base64.decode(response.Data)).find('a[href*="entry/signout"]').attr('href').match(/TransientKey=[^&]+/);
          if(key.length){
            $.ajax({
              url: signout_url+'?'+key.pop(),
              dataType: 'jsonp'
            });
          }
        }
      });
    });
    

    grep is your friend.

    hgtonightbogdancristianUnderDog
  • x00x00 MVP
    edited September 2013

    You can load this on your site logout. Just make sure /entry/signout is not blocked on your forum.

    grep is your friend.

  • THANK YOU @x00 i will try it today !!!! i come back with a answer !

  • edited September 2013

    A few modification because characters like "<" and "&" are illegal in XML elements.</p>

    <script type="text/javascript"> <![CDATA[ jQuery(document).ready(function($){ var signout_url = 'http://forums.example.com/entry/signout'; $.ajax({ url: signout_url+'?DeliveryMethod=JSON', dataType: 'jsonp', success:function(response){ var key = $($.base64.decode(response.Data)).find('a[href*="entry/signout"]').attr('href').match(/TransientKey=[^&]+/); if (key.length) { $.ajax({ url: signout_url+'?'+key.pop(), dataType: 'jsonp' }); } } }); }); ]]> </script>

    and i have my logout button like this :

    <s:link propagation="none" action="#{identity.logout}" value="Logout" styleClass="myButton"> </s:link>

    How to to logout my user from my website and then the user from vanilla forum ?


    Thank you in advance ?
    UnderDog
  • @bogdancristian said:

    How to to logout my user from my website and then the user from vanilla forum ?


    Thank you in advance ?

    Load it immediately after logout.

    grep is your friend.

  • edited September 2013

    Please don't laugh at me, but i need to make a $('#Logout').click(function($) { }); inside of jQuery(document).ready(function($){ }); and make my button like this <s:link propagation="none" id="Logout" action="#{identity.logout}" value="Abmelden" styleClass="myButton"> </s:link>

    ?

    And Also if i just access my forum `http://forum.de/entry/signout` its just takeing me to the confirmation> You are attempting to sign out of Vanilla. Are you sure you want to sign out?<.</p>

    Thank you @x00 for the support !

  • x00x00 MVP
    edited September 2013

    Seems reasonable. I give the general advice it now up to you to apply it to your situation.

    grep is your friend.

  • edited September 2013

    OK i need some help i don't know what i did wrong ....

    I installed in my script folder the "query.base64.min.js" *(see uploade img) and load it in my page ` src="#{request.contextPath}/scripts/jquery.base64.min.js" type="text/javascript" `

    1. I put this code in "head" <script type="text/javascript"> //<![CDATA[ jQuery(document).ready(function($){ $("#button").click(function(){ var signout_url = 'http://forums.example.com/entry/signout'; $.ajax({ url: signout_url+'?DeliveryMethod=JSON', dataType: 'jsonp', success:function(response){ var key = $($.base64.decode(response.Data)).find('a[href*="entry/signout"]').attr('href').match(/TransientKey=[^&]+/); if (key.length) { $.ajax({ url: signout_url+'?'+key.pop(), dataType: 'jsonp' }); } } }); }); }); //]]> </script>
    2. I made a button to call the function. <input type="button" id="button" value="Logout" />

    But when i click the button nothing happend, i did something wrong ? Please advice.
    Thank you in advance !

    js.JPG 12.8K
  • I don't really understand you. You need to execute this to log out. You can inspect network traffic to see what is happening, using a at tool like firebug.

    From what I understand what you wan to do is log out of the forum first, that is fine, just remember that you have to log out of both sites.

    grep is your friend.

  • Yes when i click the logout button to log out of bouth site's but i can not load the ".ready(function()" script ...

  • x00x00 MVP
    edited September 2013

    if it is submit button then you don't want log out of this site until after this script is executed. So want to prevent it from goign to another page until this is executed.

    Check the order of execution and debug with a tool like firebug.

    In all honestly I have given you everything you need, to test the script and the order of execution, using a tool like Firebug.

    I get the impression you don't quite understand the concepts in web development, so you probably have bit of a learning curve, I'm not going to sit here and coach you through everything sorry.

    I have already spent a lot of time giving you a solution that will work, you need to implement it in your scenario. If you have have question about web development, probably more appropriate in a forum, for general web development.

    grep is your friend.

    UnderDog
Sign In or Register to comment.