I developing Struts2 project.
In that project the user can log in and do something its work fine.
If that user open the new tab and type my project url it will show the same page(after login page).
How do I implement the above scenario?
One way would be doing like described here, in a question almost identical to your (concept is the same, only the implementation, on .NET, differs).
Calculate an unique value each time you pass in the Action, then put
it in a session variable (that is server side) and use it to feed an
hidden field on the web page (that is client side).
When the page will post back (submit) the form containing your hidden field, you
will see if the page field and the session field are the same.
If yes: it is (the only OR) the last page / tab opened.
If no: you are trying to submit the form from a page that is not the
last page opened.
This way, you will always have only one instance of the web application, and if you open another instance of the web application in a new page / tab, it will invalidate the previous one: only the last opened will be valid (because of multiple hidden fields, one for each page, but only one session variable).
IF you really need (do you?) to prevent the user opening a new tab instead of ensuring a single instance for the web-app, start working from this principle and eventually come back here (better with some code)
Related
I'm using kendo for my client side framework using MVVM single page application architecture for a multi page MVC app that I'm currently working on. What happens is there are 4 pages/steps in total in which the first 3 steps requires users to enter in some information and hitting the next button and using kendos router function to route to the specific page on button "Next" press.
Each pages values depends on the previous page, so in page 1 user would enter in some user ID's, on next button click it will call an AJAX call to my controller method passing in a viewmodel from the view and then returning some values based on those ID's and load them on page 2.
Because the values are loaded based on a kendo observable viewmodel from the view on page 1, if the user was to refresh on page 2, the values would all become null since the refresh would basically wipe out all the values saved in the viewmodel or if the user presses the "Previous" button or the back button on the browser whatever values they entered on page 1 would also be empty instead of displaying the previous values they've entered.
Main question would be is this the right architecture for what I'm doing? Should I just be doing standard MVC and passing my viewmodels/populating my screens from the server side so my values would never be null but on refresh it would just always hit the server side code.
If a single page application architecture is fine for such an application what would be some solutions for this problem?
Thanks
I am working on a web application that involves the user filling out a multi-step form that spans several pages. The form has tabbed navigation across the top (these links do not submit the current page) and a next button at the bottom (which does submit). I am considering several strategies for handling form submission/validation:
one action method and view per form page. When you hit next, it submits the form to the action method for the next page. If there are validation errors, you are redirected back to the previous page:
URL's are descriptive and can be copy-pasted
Only redirects in the error case
Since the redirect does not have the form data, we lose context about the submission which makes it hard to display certain error messages
The same validation logic works for redirecting the user if they try to visit a step in the flow that they aren't ready for yet
one action method and view per form page. When you hit next, it submits the form to the current page action. If there are validation errors, the same view is returned. Otherwise, we redirect to the next page action:
URL's are descriptive and can be copy-pasted
Redirects are very common (not sure if this is bad)
When displaying validation errors, we are in the same request as the form submission so we have full access to the invalid input
Have to pass additional context if we want the ability to, for example, add a "Previous" button which also submits
one action method for ALL pages. URL's contain additional context about the step being submitted (e.g. MyController/MyAction/{step}). The controller message selects which view page to return depending on validation and the current step.
URL's are not descriptive (e. g. if I submit step 1 to go to step 2, then the URL the user sees will be the same regardless of whether page 1 (invalid) or page 2 is returned
No redirects
When displaying validation errors, we are in the same request as the form submission so we have full access to the invalid input
A different method I haven't listed here
I have tried to enumerate what I see as some of the pros and cons of each method, but I would be interested to know:
What are other pros and cons of these methods? Are mine correct? Could some of the cons I've listed be designed around?
Is there a standard approach to this problem which I should be using? If so, why is it the standard approach?
I would highly recommend option 2 with a minor modification. You may want to think about also creating one view model per action/view as well. If you have one model that spans all the pages, validation will occur across ALL properties, meaning that even though the user can only edit part of the model on each screen, they could get validation warnings for properties they can't see. We did this recently in a project and it worked beautifully. You have to do some data manipulation in the back-end to combine everything back together, but it was worth it in the end.
As you said, your URLs would be deep-linkable, which means users can Copy/Paste, and more importantly, they can add the page as a favorite in their browser, allowing them to come back to the same place very easily. In my opinion this makes option 3 obsolete.
You will also benefit from the fact that all of your logic for navigation is occurring in one place. You'll have to store the state of the "wizard" on the client (which page you're currently on) so that your controller knows what to do on submit. You'll want to analyze the state of the wizard and make a decision for where the user needs to go next. If you go with option 1, you won't know where you "came from" and server-validation errors will be difficult to display to the client. This is a beautiful example of the POST - REDIRECT - GET pattern. Each page would have 2 actions, a GET that takes simple ids, and a POST which takes more complex models. Post the server, figure out where to go next, redirect to a GET.
Lastly, consider your previous button simply linking directly to the previous step, instead of submitting the form. Otherwise, the user could potentially get stuck on an invalid step. This happened to us and again, worked very nicely.
Hopefully this was helpful. Good luck!
I'm once again looking into the world of tabbed browsing and Sessions. Looking over a few google searches it seems that there isn't a nice way of supporting this.
Does anyone know of a method that allows Bookmarking without stealing a session (cookieless) (and this doesn't work in MVC2 for dataannotations).
Supporting tabs in such a way that it's per use case (like Windows Workflow), going through two workflows at once.
I'm thinking a url in the query string might support this, but I'm wondering if anybody else has done a similar implementation.
[Edit] Use Case: Say I'm writing an application that uses something like Windows Workflow. Each UI workflow may do an action such as collect settings of a page and execute some external process. I may wish to do two of these workflows at once (not necessarily the same UI workflow). As such if I saved in session I would get:
a) Different tabs interfering with the workflow
b) Previous/Next buttons would be extremely difficult to work out, due to a).
I would like it so either, a user cannot open another tab to a url (don't think there is a 100% method of preventing this), or allow a user to use a UI workflow in isolation without one affecting another (much like running two workflows in two different browsers).
Hopefully that gives an indication of what I'm attempting to do.
Regards,
J
It sounds like you might be trying to do the following:
For example, let's say you have a two page questionaire, the first page has first name on it and the second page has last name on it. You desire that the user can open two tabs, and be at different pages in the questionaire while entering different data in the questionaire in each tab.
So in Tab A, you have entered Mark as the first name and submitted and you are at page two now in Tab A. You decide you are going to do a questionairre for your friend also, so you open up a new Tab, Tab B. In Tab B you enter Tom and submit the page.
Currently in the browser you have Tab A, which is at page 2 of the questionaire with firstname = "Mark" and Tab B which is at page 2 of the questionaire with first name = "Tom". Assuming you wanted to maintain both of these in session on the server here is an approach that i think will work for you.
When a web browser requests page 1 of your form, on a GET request(no posted questionaire data to the server), you supply a hidden field in the the response html and generate a random number to store in that field. When this form is submitted you do the following on the server:
Look in session using the random number as a key "var questionaire = session[Request.Form["questionaire_rnumber"]]
if the questionaire is not in session you create a new questionaire and update it's properties and stick it in session
var questionaire = new Questionaire();
questionaire.FirstName = Request.Form["firstName"]
session[Request.Form["questionaire_rnumber"]] = questionaire;
if the questionaire was in the session you simply update the object, and display the next page, however when you display the next page you will want to supply the hidden random number field in the html again, using the same random number you used on page 1.
This way you can hold any number of questionaires in a single session. With MVC.NET it should be straight forward for you to add the random number field to your view model and add the logic for looking in session for an existing questionaire or creating a new one and I think you'll be good to go.
You should keep in mind the possible issues with the approach also, like back button issues, security issues, and performance issues.
One example of a security and a performance issue would be that an attacker realizes your application works like this and the attacker requests page 1 of your form 10,000 times and submit the page 1 each time. You would have 10,000 questionaire objects in that one user session. If the attacker deleted his session ID cookie 10,000 times and for each session id cookie he created 10,000 requests for page 1 and submitted the page 1 form, you would have 100,000 questionaire objects cumulatively across 10,000 sessions on your server. So you should put some constraints on it also to protect your application, for example:
Any individual session can only have X questionaires in session
Any individual IP address can only have Y concurrent sessions (this you would probably need to track in the Application object)
ADDITIONAL RESPONSE TO ADDED USE CASE
Thanks for the use case. My solution should still work for you. You have two options.
If you want to ensure there is only one tab working with your workflow, then when the random number is passed to the server from a new tab you will be able to detect that there is another workflow in progress and that the random number from the new tab does not match the random number from the first, so you will throw an exception and show the user some messaging that says they can't start a new workflow until they finish the first one, and ask if they want to cancel the first. You have to ask if they want to cancel it because if they close their browser on the first workflow they started they will be stuck until their session expires. Which won't happen if they keep trying to start a new workflow.
Secondly, you could allow them to do multiple, but segment the context of each workflow by the random number, as suggested in the first answer. The whole point is that you are making little mini-sessions in your session, but keyed of a value that is only stored in the client. So since each tab has a different random number when the form posts to the server, it's easy to correlate that random number with an entry in your session that has all the information about the workflow initiated from that tab.
Hope this helps.
You need to store wizard state information in the client in some way, via query string or form values. As you've intuited, Session will not work. Nor will anything else that relies solely on what is on the server.
To my understanding the session variable gets cleared when a users closes their browser. Is there anyway to clear the session variable when a users closes a tab in a browser?
The reason I ask is that I need to differentiate two visits if a user is on the site and closes the tab but not the browser, and the user goes back to the site on a separate tab in the same browser session.
Session variables are server-side, and tab closing is a client-side action, so you'd have to somehow send a signal to the server to clear those session variables.
The most obvious method to me would be to use the browser's onbeforeunload method and ajaxically send something to the server to clear the session.
This is dangerous territory, though. Are you sure you don't want to allow the user to open and use more than one tab of your site at the same time? Because, if I have your site open in two tabs, this technique will clear the session on the close of the one tab, rendering the other tab useless (not usesless, just the rug might have been pulled from under this page, now that session is gone).
Check the following link for best answer:
Why Doesn't Closing A Tab Delete A Session Cookie? .
What you can do is append some random text in end of url's and store it for reference and if the users comes from new tab and doesn't has the random text appended, you can determine the user coming from different tab.
I'm working with Ruby on rails 2.3.4 and I'd like to pass some parameters from one page to another ones the first one is submitted.
For example:
On the first page, I have a form that when it's filled a Preview button can be clicked to check all the info entered before submitting the form. That button redirects to another page with the info entered before, but I don't know how to get it in the second page.
There are two possible solutions:
You can emulate the stepped form filling by creating a record in first form and saving it with status "unverified" or "pending". This way you won't have to deal with hidden form fields in 2nd and 3rd pages. All you'll need to pass is the id of pending record. You'll just need to update record status to "active" once the data is confirmed.
Use client side paginated from (all popular JS frameworks have plugins for this). Hence you will only display different <div>s in single loaded page (something like an interface for a setup wizard).