Hi Community,
I have a requirement wherein I want a user to be redirected to login screen if he tries to copy the URL(of a page which he is accessing by logging in) and paste it in new tab of same browser.
Also he should not be logged out of the tab where he is logged in.
Thanks AWL!
I would store each visit to the page in a table and then clear it when a user leaves the page (via the On Destroy Event I think?)
Then you can put a check on this table how many times a user has accessed that particular URL
This aproach may adress the problem but it may cause performance issues. So your other suggestion to use client variables is best one.
Hi ed,
But since I am not closing the existing tab when will the OnDestroy run?
I am opening a new tab in same browser without closing the previous.
If you open a new tab of the same page, your logic can check the table to see if a page has been previously opened. If it has, redirect to the login screen. If not, populate the table and visit the screen.
When a screen is closed. (And I guess on session timeouts, logouts etc), clear this table so you don't remain locked out of the page,
The Table would contain the Page Name and the User Id
I understand what u are suggesting, but creating new Entity is a bit of limitation for me, also adding DataAction(for checking DB and all) to each and every screen and OnDestroy is a big impact.
Can you think of any alternative??I'm trying to use "document.referrer" but it is giving me empty value.
Hi @edTheEngineer ,
Can you think of any reason why document.referrer is returning empty value?
Hi
OK. Hmm. I take it is acceptable for the user to log on to the same page at the same time from different devices?
You could have a client variable set per page which can be set / unset on page transitions. From my understanding, logouts and timeouts should clear this.
https://developer.mozilla.org/en-US/docs/Web/API/Document/referrer
(May answer your above question)
@Ashish Akolkar for this requirement, client variables are the best choice.
So solution suggested by @edTheEngineer is the best approach to address your requirement.
@m.irfan.azam I think you want to tag @Ashish Lonkar :)
Yes I meant @Ashish Lonkar.
Sorry bro :)
Hi,
I dont think it is a good approach as client variables are stored in local storage of browser and can be manipulated using
localStorage.getItem/setItem
I went through it but it not clear why I am getting it as empty in OutSystems.
Hi @Ashish Lonkar ,
that is a very specific scenario you want to avoid, and it goes against normal behaviour of Outsystems apps in several ways. Being logged in is a per browser thing, so
1) Normal behaviour is : once logged in on one tab, things you do on other tabs for the same user provider are automatically logged in. This is true for opening a link, or using a shortcut, or typing in a URL, this is true for same or different application, same or different URL.
You are very specifically asking about copy - pasting an URL from an existing tab, whatever you come up with, will probably have to be a javascript / client side trick, because server side, it would be hard to distinguish between these different scenarios.
As this goes against filosophy of Outsystems normal behaviour, I think you'll have better luck googling something like 'avoid same url in other tab' without reference to Outsystems, and you'll find a mix of tricks and advice not to go there.
2) As to the response of your application once duplicate url is detected : to redirect to login : if you mean, logging user out on this particular tab and allowing him to login with other user, that won't work, login is per browser not per tab, and logging him out on this second tab, will log him out on the first, I doubt you want that. So best you could do is detect same url being used, and redirect to some sort of 'not allowed' page.
But can you share why you want this ? What goes wrong when users do this ? Why not just let them if it makes them happy. If we know the problem, maybe we can help with other solutions.
Dorine
Hi @Dorine Boudry ,
I agree that it is a very specific scenario but the client says that we see this behavior in other banking website and that's why they also want this feature (And they are correct actually many majors banks website in India has this feature), after this if we say that it goes against normal behavior of Outsystems apps sounds like we are telling them limitation of OutSystems(though that is not the case) but seriously convincing them is kind of out of question.
1. I checked google, it suggests on using document.referrer but I am getting this value as empty. Please suggest if you have any guidance for this.
2. I don't want the user to be logged out of the previous tab, he should be redirected to login page when he tries to copy paste and open URL in new tab.
One more thing, login per tab is possible in OutSystems??
1) i don't think document.referrer has any role when an url is copy-pasted, it is only filled when following a link, a.f.a.i.k.
2) no, i don't think a per tab login is possible, so logging him out on the second, will also log him out on first, you could easily make a poc and try it out
1. If document.referrer is empty then I can conclude that this page is opened by copy pasting the URL. Do u think there could be scenarios where this logic/approach could break?
2. Does it make any sense that I don't log that user out in new tab also but just redirect him to login screen, thus forcing him to login again?
I think using document.referrer is unncessary in this case.
If client variable for a page is already set then you can simply check it to decide if user already has accessed this page in another window or not.
no no no,
i can't help on this further
1) it sounds like relying on some technical trick like document.referrer is way too fragile for the functioning of a banking front-end, even from a security perspective, it maybe can be tampered with, it feels to me like a tool to use for things like statistics, not application functioning.
2) that doesn't make sense to me either, what if they log in with another user, what does that mean for the original tab ?? again, login is per browser, not per tab. As i said, it would make more sense to be redirected to a 'no duplicate tabs allowed' page.
Hi irfan,
This could create issue if we the user is trying to access from multiple platform.
I have come across this scenario recently. In screen you need to have a DataAction with Fetch property -AtStart
Add Server Action GetReferrerURL from HTTPRequestHandler extension
Check : If(DataAction1.Out1=GetBookmarkableURL(),"Copied Link","Redirect")