php - Laravel 4.2 ajax request loop logs a user back in after logout -


I ran into an interesting bug that took a bit to identify.

We have a standard auth setup in place.

Auth::check() to see if they are logged in. If they are, go to the dashboard. If they aren't, take them to the login screen.

The dashboard view loops through several ajax calls to fill in various sections of the dashboard. I discovered that if a user tries to log out before the ajax calls have completed, they are redirected back to the dashboard and are still logged in (I've verified that they do go through the logout process and Auth::check() returns false).

If they try to log out after the ajax calls complete (or if I disable the ajax calls), it works as expected and they are logged out and redirected to the login screen.

The basic structure is:

routes.php

    Route::get('/', array('as' => 'home', 'uses' => 'HomeController@getIndex'));

    Route::get('/login', array('as' => 'login', 'uses' => 'AuthController@getLogin'))->before('guest');
    Route::post('/login', array('uses' => 'AuthController@postLogin'))->before('csrf');

    Route::get('/logout', array('as' => 'logout', 'uses' => 'AuthController@getLogout'))->before('auth');

    Route::get('/dashboard', array('as' => 'dashboard', 'uses' => 'DashboardController@getIndex'))->before('auth');
    Route::post('/dashboard/panel', array('as' => 'getpaneldata', 'uses' => 'DashboardController@getDashboardPanelData'))->before('auth');
    /* /dashboard/panel receives the ajax call data and returns the result */

HomeController.php

    class HomeController extends BaseController {

        public function getIndex()
        {
            // Logged-in users go to the dashboard, everyone else to the login screen
            if (Auth::check()) {
                return Redirect::route('dashboard');
            } else {
                Session::flush();
                return Redirect::route('login');
            }
        }

    }

DashboardController.php

    public function getIndex()
    {
        return View::make('layouts.dashboard.index');
    }

    public function getDashboardPanelData()
    {
        // gets the data for the ajax call and returns the result
    }

I've thought of a couple of solutions, one being to kill unfinished ajax requests when they click the logout button, or removing the auth filter on the panels route, but I'm unsure about the first idea, and I'm wary of the latter from a security standpoint.

Edit:

You can ignore the loop part of this. If I take the loop out and run just one ajax call, and log out in the middle of that ajax call, I still have the issue where it logs out and logs in again.

Additional edit:

I tried removing the auth filter on /dashboard/panel and that doesn't fix the problem.

Edit:

Here's the auth filter, it's pretty standard.

    Route::filter('auth', function()
    {
        if (Auth::guest()) return Redirect::guest('login');
    });

Partial solution: in my case, the dashboard panels don't require access to the authenticated user. What I did was check the path in the session config, and if it matches the dashboard panels, change the session driver to array (which won't rewrite the file session, thereby allowing a full logout).

In session.php:

    'driver' => Request::path() === 'dashboard/panel' ? 'array' : 'file',

Again, it's not an ideal solution at all, but in my case it is sufficient.

Ajax calls should return a 401 status code (Unauthorized). Attach an event handler to the document and make the redirection to the login page:

    // Send the browser to the login page whenever any ajax call comes back 401
    $(document).ajaxError(function (event, xhr, settings, thrownError) {
        if (xhr.status === 401) {
            window.location.href = "/login";
        }
    });

Edit: example of the route filter:

    Route::filter('auth', function()
    {
        if (Auth::guest()) {
            if (Request::ajax()) {
                // ajax callers get a 401 instead of a redirect
                return Response::json('permission_denied', 401);
            } else {
                return Redirect::guest('login');
            }
        }
    });
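A simplified model of the race described in the question, as an added example that is not part of the original posts and is not Laravel's own code: a request that loaded the session before logout writes its stale copy back when it finishes. The FileSession class, the login_user_id key and simulate() are hypothetical; passing false models the array driver from the partial solution.

```php
<?php
// Added example: hypothetical model of a file session store without locking.
// It is not Laravel's implementation; class, function and key names are made up.
class FileSession
{
    private $data = array();
    private $path;
    private $persist;

    public function __construct($path, $persist = true)
    {
        $this->path = $path;
        $this->persist = $persist; // false models the 'array' driver: never written back
        $raw = is_file($path) ? file_get_contents($path) : '';
        if ($raw !== '') {
            $this->data = unserialize($raw); // snapshot taken at request start
        }
    }
    public function put($key, $value) { $this->data[$key] = $value; }
    public function forget($key) { unset($this->data[$key]); }
    public function has($key) { return isset($this->data[$key]); }

    public function save() // runs at the end of every request
    {
        if ($this->persist) {
            file_put_contents($this->path, serialize($this->data));
        }
    }
}

function simulate($panelPersists)
{
    $file = tempnam(sys_get_temp_dir(), 'sess'); // constructed sample session file
    $login = new FileSession($file);             // user logs in
    $login->put('login_user_id', 42);
    $login->save();
    $ajax = new FileSession($file, $panelPersists); // slow panel call starts, loads session
    $logout = new FileSession($file);               // logout runs while it is in flight
    $logout->forget('login_user_id');
    $logout->save();
    $ajax->save();                                  // panel call ends, writes its stale copy
    $next = new FileSession($file);                 // redirect to '/' checks the session
    $stillLoggedIn = $next->has('login_user_id');
    unlink($file);
    return $stillLoggedIn;
}

var_dump(simulate(true));  // panel route on the file driver
var_dump(simulate(false)); // panel route on the array driver
```

The first call reports the user as still logged in after logout, the second does not. With the array driver the panel route sees no stored session at all, so the workaround only fits routes that need nothing from the session, as the question notes.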
