my question seems simple and stupid
but first read this,
suppose you have a login form which take username and password and post back to controller
if login successful then return Homepage(return View("HomePage")) View (not Redirect) then suppose i am Logged off
and return Login (return View("Login")) View (again not Redirect) and now if i press Back button and Refresh the page then it will automatically get logged IN by using those username and password which i entered before.
So can i make those password Null from Browser's Memory or where ever it is i don't know.
"i know that not redirecting (RedirectToAction("ViewName")) is causing the problem" But Why or May be i don't know any important concept
Some browsers, especially Firefox try to be helpful and 'remember' values you have input into text fields and checkboxes. in order to switch this off in a particular input add the following attribute
autocomplete="off"
Alternatively, using jQuery you can switch it off for a whole form:
$("form").attr("autocomplete", "off");
ModelState.Remove("key");
or
ModelState.Clear()
Related
From my client detail page I have a button to edit the client record which redirects to an edit page. I have a "return to client detail" link on the edit page which I want to redirect the user back to the previous client detail page.
<a asp-controller="Client" asp-action="Detail" asp-route-id="#Model.ClientID">Return to client detail</a>
Currently this works as expected but takes extra time as it reloads the detail page from scratch (ie running all the various db queries again). Since the user is really just cancelling the edit without any changes to the state of the client I am wanting to return the user to the previous detail page without having to go through the controller action again.
Essentially I am wanting to simulate the browser back button (to improve responsiveness) but i'm not sure how to implement this or whether it's good practice to do so. Some guidance would be appreciated.
Thanks
For IActionResult you can use this code:
public IActionResult Test()
{
return Redirect(Request.Headers["Referer"].ToString());
}
U know what? I hate JS so i will write answer with backend side. The HTTP referer is an HTTP header field that identifies the address of the webpage that linked to the resource being requested. So simply read that and pass to view (always remember about XSS and validation, user can easly spoof HTTP request)
In action controller
if(Request.Headers["Referer"] != null)
{
ViewData["Reffer"] = Request.Headers["Referer"].ToString();
}
In view (razor)
#if(!string.IsNullOrWhiteSpace(ViewData["Reffer"]))
{
Return to client detail
}
You can use
<a href='javascript:history.go(-1)'>Return to client detail</a>
or onclick
Return to client detail
It should be like this
<input type="button" onclick= "history.go(-1)" value="Return to client detail" />
One note of caution using Request.Headers["Referer"] - if someone refreshes the destination page for some reason, Request.Headers["Referer"] will be empty.
Using history.go(-1) gives the expected behavior despite page refresh.
I think that you need to get rid of the idea of passing through the controller. If you need to browse quickliest with asp net core code about href you can try this.
<a asp-area="" onclick="history.go(-1);">Return to client detail</a>
I would never rely on my button, thinking a user will prefer it to browser back button.
I would say the correct way to solve this problem is to store the page state somewhere, for example, save ViewModel in TempData or Session. Then, if exists, load from it, instead of running db queries. It's quick and reliable.
This Request.Headers["Referer"] will not work if the user refresh the page or the page is been loaded twice, which mean, clicking back will not take you out of the current page.
I have an initial login screen where we can enter a "username" and "password".
I have four views and I am using the "username" and "password" entered in the first login view to establish an SSH connection in the fourth view.
To pass and use the username and password, I'm passing them through a hidden_field_tag in all these views, and when we click on the submit button, these hidden field values are passed to the second view.
All these submits are get requests.
The username and passwords are appearing in the URL as I am passing them as parameters.
If I use a post request instead of a get, the page expires when I click on the back button in my browser.
Is there anyway to hide/encrypt those parameters in the URL?
Thanks.
I don't think you're going to be able to hide them as we know GET exposes the params. I'm wondering if you can store them in the session instead? I don't know what you're doing off hand but the logic seems a bit opaque. Maybe you can re-think the logic into more of a common pattern. Good luck!
You really shouldn't be passing the username and password as a get request. If you don't want the page to expire as a post, I suppose what you could do something which would send the username and password via AJAX post request and the rest with a get request.
You really shouldn't be passing the username and password as GET requests. I would recommend instead having another form button to go back in the 4-step process so that the whole process is done by POST whichever direction you are travelling, this would also ensure the user doesn't lose data when going to a previous page.
<%= form.submit 'Previous Step' %>
<%= form.submit 'Next Step' %>
Controller:
if params[:commit] == "Next Step"
object.update_attributes(params[:item])
<..logic..>
end
What's wrong with the page expiring when you hit the back button? Seems fine to me. You often can't login to something then hit the back button to return to the page - google for example. Use post.
I have a single textbox on a form - basically to allow users to change the URL of their site in our mini CMS. We use remote validation to check that the URL is not already taken.
They enter their desired URL and hit the save button. If they do just that and the focus goes from the textbox straight to the submit button - the validation does not happen and the form doesn't submit properly. If they tap into an area of whitespace then the form does.
The issue with the form submitting is that if they tap whitespace we get the name of the submit button posted along with the desired URL - we use the (AcceptParameterAttribute) to allow us to route form submits to the right Action. This uses the submit buttons name attribute to do this. If they don't click whitespace to lose focus on the text box then only the desired URL is posted.
This is a really odd one and it is very annoying. Has anyone seen anything like this before? Is there a way to overcome the problem?
Try adding the following script to the page:
$(":input").live("blur", function () {
$(this.form).validate().element(this);
});
This should cause validation to occur when you click on the submit button. If not, try changing the first line to:
$(":submit").live("click", function () {
I have a controller that returns
System.Web.Mvc.FilePathResult
I do return this.File(filename, contentType, download name);
This action is called when user is clicked on a link and
I have made $("a[rel='popup']").colorbox();
.So whenever a user clicks on the links
It takes to the controller method and the file
Shown in the colour box.
Now I am facing an issue it is like
If a user is logged in to my site and open a page
, where links are shown and the user goes away from his seat (ie session expires)
Then he come back and clicks on the link
.At that time my application breaks as there is no valid session.
So tried to return View("LogOn");
when session is null.
But as still it is not redirected to the
I think it is because of the colorbox
Can anyone suggest any thing such that I should be redirected to the log in page
Even if I am taking a Color box
?
When a session expires, it will not be "null", so if you're checking if (Session == null), this won't work. You'll need to check for the presence of a session variable instead.
In your comment you say you're tried redirecting to /Home/Login but it doesn't render the login view. Can you elaborate? What does it render?
I have a page "Results" with a form and when "submit" is clicked, the form is submmited to another Action. So far, so good...
But, this works fine just if user is logged in. If not, he will be redirected to "Login" page and my FormCollection loses its data.
Is there a way to persist this data without using TempData??
Thanks!!
I don't think that's possible. The only thing the system remembers during the redirect to the login page is the 'return url'. No post data is saved (this could be megabytes of data...)
You can use the Session object as alternative, or make sure that the user is logged in before you post.
Or, if it's just a search result, try to live without the POST, and use a GET (which also has other advantages)
I would prefer to disallow unauthorized user to visit "Results" page or at least to show him message "Please login first" instead of the form.