Reputation: 46415
How do you keep a user logged in with a popup window?
I have an application that requires the user to reenter their password between 15 and 30 minutes of inactivity to allow them to carry on with what they were doing.
My current idea is to have a piece of javascript that calls a popup after 15 minutes, asking the user to log in again. The site as a whole has a 15 minute forms authentication timeout, and a 30 minute session timeout.
I would then like it to allow the original page to have a postback if the user successfully authenticates themselves in the popup.
Currently I have the popup working (with a 15 minute countdown using JS) and the user is able to log in again, however when the popup window is closed and the user attempts to perform an action on their original page, they are asked to log in again.
I assume this is because their original cookie that was attached to the original page will have now expired, and it won't detect the new one.
How can I pass the successful authentication from the popup window to the original page?
Upvotes: 0
Views: 836
Answers (3)
Reputation: 19758
If you add a meta tag, or a hidden div, that populates the authentication token in the content attribute for a meta tag, and just in the div body for a hidden div, you could grab it from the popup window like this...
var debugWin = window.open('','aWindow','width=600,height=600,scrollbars=yes');
var somevar = debugWin.document.body.getElementById("my_hidden_div_id").innerText;
Then you could update the session cookie with the contents of somevar from JavaScript. As long as you maintain the handle to the window, you should be able to get at the window's DOM.
There may be some cross browser variance in how you get at the dom, I think IE has a slightly different method, but it is easily tested for and the result is the same.
Upvotes: 1
Reputation: 29725
I'd create a panel that requires the password, and has a proper code behind method through a button.
Then you can use AJAX or jQuery to trigger a modal "popup" box to require them to submit the details. By doing this, you can keep everything on a single page without having to worry about passing credentials between pages/forms/tabs/whatever.
In addition, you can have 1 script method that fires after x minutes to prompt for the refresh, and have a second javascript that fires after x + 2 minutes to log the user out of the application, should they fail to respond.
Your code behind method can properly reset all the cookie and reset the timeouts and can be reused on any page you wish.
Upvotes: 1
Reputation: 114347
It's better to use frames. Make the top frame 0 height and have itself refresh periodically. This way it doesn't get blocked or accidentally closed. You may also want to investigate doing the same with Ajax instead.
Upvotes: 0
Related Questions
- Display A Popup Only Once Per User
- how to code for users with disabled cookies and popups
- Cookie to remember modal window choice
- Creating a popup window that persists across an ASP session
- how to use cookies to prevent a jquery popup to after click action
- My popup requires re-login
- Make popup opening after a while even if the user is navigating to other page
- keep me logged in for windows + forms login
- Javascript Login Browser PopUp
- ASP.Net session and cookies for keeping someone logged in