Using htaccess to control session inactivity - php

I have a local site running that is authenticated by an htaccess file which requires a username and password. This works great, but I want to add a feature that if the site is inactive (you walk away) for 10 minutes it will ask you for the username and password again upon refreshing/reloading a page on the site. Is there any way to do this?
It's a Wordpress site so adding code to every single page might be a little bit of a hassle.

HTTP authentication hasn't any logout, nor session expiration. The credentials are sent on every request. What you want is a web-based authentication. In the case of Wordpress you may use one of the existing plugins, for example http://wordpress.org/extend/plugins/basic-authentication/.
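The idle timeout the question asks for, sketched for a session-based login of the kind this answer recommends. This is an added example, not code from the answer or from any WordPress plugin; the session keys `user` and `last_activity` and the `/login.php` path are assumptions.

```php
<?php
// Added example: 10-minute idle timeout for a PHP session login.
// Assumes the login handler sets $_SESSION['user'] and
// $_SESSION['last_activity'] = time() when the password check succeeds.
const IDLE_LIMIT_SECONDS = 600; // the 10 minutes from the question

// Pure decision function: 'anonymous', 'expired' or 'active'.
function idle_state(array $session, int $now, int $limit = IDLE_LIMIT_SECONDS): string
{
    if (empty($session['user'])) {
        return 'anonymous';
    }
    $last = (int) ($session['last_activity'] ?? 0);
    return ($now - $last) > $limit ? 'expired' : 'active';
}

// Call once from a file that every protected page includes.
function enforce_idle_timeout(): void
{
    session_start();
    $state = idle_state($_SESSION, time());
    if ($state === 'active') {
        $_SESSION['last_activity'] = time(); // slide the window on each request
        return;
    }
    if ($state === 'expired') {
        // Remove the server-side data and the browser's session cookie.
        $_SESSION = [];
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();
    }
    header('Location: /login.php'); // hypothetical login page
    exit;
}

// Constructed sample values, shown only when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    $now = 1700000000;
    foreach ([30, 600, 601] as $idle) {
        $s = ['user' => 'admin', 'last_activity' => $now - $idle];
        echo $idle, 's idle: ', idle_state($s, $now), PHP_EOL;
    }
}
```

The timeout is enforced on the server at the next request, so it does not depend on the browser discarding anything, which is the part HTTP authentication cannot provide.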

Related

keep user logged in when offline in PWA using laravel auth

I ran an application that to have access, the user needs to log in, this application has multi levels of authentication, this application is a PWA too.
The problem is that when the user downloads the APP to the home screen it always opens on the login screen, but as it can be offline it will not be able to log in.
How can I keep it logged in? That is, when the user is offline or online, go directly to their dashboard.
I read some answers about sessions and cookies, is it really the best way?
No react or angular or vue was used.
It took me a while to post the answer here, but it came.
Actually it was quite simple: just put in manifest.json to open the URL already logged in, and that solved my problem. Of course it will only load if the user has ever accessed this URL, according to my cache rules in the service worker. I suggest you try the same; if it doesn't work you can contact me and I can help.

Share active directory session Wordpress

We have several webapps based in Wordpress and Codeigniter, which are based on different servers but under the same domain (ie: intranet.something.local) and most of them use Active Directory login credentials.
For Wordpress, I'm using a plugin called Active Directory Integration to log in with these credentials and it's working perfectly after configuring openLDAP.
The thing is, our client asked us to have a single log on for every app, meaning that once I'm logged into Wordpress, I should be logged in when I go to another app, that uses the same login user and password.
Is there a possible way to do this? And if so, where should I start?
I believe that is possible in multiple ways:
Set up Single Sign On in your apps.
Use a script which automatically copies user data from a web app, and then, using that information, creates the user login on the other apps. The idea is to let the user register for one site and, based on that information, register him on the other sites automatically.
Maybe some sort of database sharing is possible, but that would be a really, really tough job; still possible (I believe, in Computer Science, nothing is impossible forever).
Create a common cookie file and, when the user switches apps, use those cookies to get the user logged in between the different apps.

Cookie and session issues in php / mysql / wamp

I use wamp to develop on a windows 7 machine. For this app I have an admin area which tracks the admin username and encrypted password with $_SESSION and a cookie which keeps track of the randomly generated encryption key for the password.
I set the cookie like:
setcookie('key', $key, time()+7200, 'admin/');
The admin user verification is run on every admin page after the admin user has entered username and password details to login.
The directory structure of the site and the admin is:
localhost/mysite/
localhost/mysite/admin/
A session runs in the admin section, and a session also runs in the user interface of the front-end to keep track of chosen criteria for searches.
When I run long database queries in the admin area, i.e. multiple updates and inserts where each iteration requires a connection to an external API, I am unable to load the front-end user interface in the same browser, i.e. Firefox, until after the admin operation has completed. If I use a different browser, i.e. Chrome, I am able to load the front-end of the site while running admin mysql functions with no problems.
I'd like to view the site while these operations are running, and use the same browser. It's a small problem, but I'd like to know how to get around it because I want to learn. I mean I could just tell myself that it doesn't matter because the site works fine when I open another browser, and the final user isn't going to be running admin operations while viewing the site anyway, so from that perspective it doesn't matter, but I am curious.
What is going on with the sessions and cookies that stops me from viewing the site whilst the admin operations are running? Is my question even a good one? Part of me thinks that it's a silly question because ultimately the site works perfectly well in a separate browser. Anyway, thank you for looking!
I think your session is being locked. On the page that takes a long time to run add this at the top: session_write_close(); that should fix it.

Authentication across different domains

I am running a Wordpress site but I feel that the solution to this question is possibly more generic so am asking for help here.
I have set up LDAP authentication. My website is running on http://a.com (for example), the authentication must happen over an SSL connection and the SSL address is https://b.com (points to the same server). The LDAP authentication works fine, I can be certain of that. The problem is when I log in, it all goes well, authenticates, and then redirects back to a.com where all of a sudden I am not logged in. I am guessing this is to do with the cookies but don't know how to check or how to solve it.
Is this sort of setup possible? Any idea how to get it working properly?
Thanks in advance!
Cookies set on one domain cannot be read by another. You don't want my site to read your banking site usernames.
Here's a possible setup for you: Instead of redirecting back to http://a.com after logging in on https://b.com, redirect to http://a.com?authtoken=abcde. Your code on a.com grabs that token from the URL, and uses it to check a database to see what user just logged in on b.com and was assigned that token. Expire the tokens after they're used.
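The token handoff described in this answer, as an added example that is not part of the original answer. The class name `HandoffTokens`, the 60-second lifetime and the in-memory array (standing in for the database both sites can reach) are assumptions; only a hash of the token is stored, and a token is deleted on its first redemption attempt.

```php
<?php
// Added example: single-use, short-lived login handoff token.
final class HandoffTokens
{
    /** @var array<string, array{user: string, expires: int}> keyed by sha256(token) */
    private array $rows = [];
    private int $ttl;

    public function __construct(int $ttlSeconds = 60)
    {
        $this->ttl = $ttlSeconds;
    }

    // Called on https://b.com after the LDAP login has succeeded.
    public function issue(string $user, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'user' => $user,
            'expires' => $now + $this->ttl,
        ];
        return $token;
    }

    // Called on a.com with the value of ?authtoken=...; returns the user or null.
    // With a real database, do the lookup and delete as one atomic statement.
    public function redeem(string $token, int $now): ?string
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        unset($this->rows[$key]); // single use: gone after the first attempt
        if ($row === null || $now > $row['expires']) {
            return null;
        }
        return $row['user'];
    }
}

// Constructed walk-through: first use, replay, expired token, unknown token.
$store = new HandoffTokens();
$now = 1700000000;
$token = $store->issue('alice', $now);
echo 'Redirect to: http://a.com/?authtoken=', urlencode($token), PHP_EOL;
var_dump($store->redeem($token, $now + 5));   // first redemption
var_dump($store->redeem($token, $now + 6));   // same token replayed
$late = $store->issue('alice', $now);
var_dump($store->redeem($late, $now + 61));   // presented after expiry
var_dump($store->redeem('not-a-token', $now)); // never issued
```

Because the token travels in a URL on plain http://a.com, it can end up in server logs, browser history and Referer headers; after a successful redeem, a.com should start its own session and redirect to a URL without the token.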

Wordpress MediaWiki Cookie Integration

I have my Wordpress install and MediaWiki sharing the same login information. Unfortunately, users need to log into both separately, but at least they use the same credentials.
What I would like to do is cause a successful login on the Wordpress blog to also cause a login for MediaWiki (ideally both directions). There are two ways this could happen:
Logging in causes a login on the other application (writes the cookie and creates the session in the DB)
Accessing an application checks for the cookie of the other and then automatically logs in.
Since the usernames are shared it seems like the latter should be pretty easy to do. Any tips would be great.
The primary problem you are going to run into is that you'll have two login forms, and two logout methods. What you need to do is pick one of the login forms as the default, and redirect the other one over to it.
I've been able to successfully integrate bbPress + MediaWiki + WordPress + WordPress MU, but I wrote a lot of custom code to do it.
I'm using the bbPress login page as the default (and .htaccess rewrite to /login/), and then I created my own MediaWiki authentication plugin (which looks a lot like the one you are using), except my plugin checks the WordPress/bbPress cookie for the login information and automatically logs the user in.
I created a customized /logout/ link that runs the bbPress logout, and also kills the MediaWiki cookies at the same time.
Then the last step was to redirect all of the other logout / login links for bbpress, mediawiki, etc, over to my consolidated one. I used .htaccess rewrites for this rather than mess with core code.
Still a work in progress, but it works fairly well.
You could consider some kind of single-sign-on software. I am unaware of any that are free and I've only ever used SiteMinder which is neither free nor good. Crowd may be better (but is again not free).
I've seen a setup going through Invision Power Board, using IpbWiki and a Wordpress integration mod. Mind you, it's expensive and excessive.
They both support OpenId now.
MediaWiki's extension
WordPress's plugin
There are probably other options for using OpenId, but I think that is the best solution available.
