如何保持用户使用弹出窗口登录?
[英]How do you keep a user logged in with a popup window?
问题描述
I have an application that requires the user to reenter their password between 15 and 30 minutes of inactivity to allow them to carry on with what they were doing. 
我有一个应用程序,要求用户在15到30分钟不活动之间重新输入密码,以允许他们继续自己的工作。
My current idea is to have a piece of javascript that calls a popup after 15 minutes, asking the user to log in again. 我当前的想法是使用一段JavaScript,在15分钟后调用一个弹出窗口,要求用户再次登录。 The site as a whole has a 15 minute forms authentication timeout, and a 30 minute session timeout. 该站点整体上有15分钟的表单身份验证超时和30分钟的会话超时。
I would then like it to allow the original page to have a postback if the user successfully authenticates themselves in the popup. 然后,如果用户在弹出窗口中成功对其进行身份验证,我希望它允许原始页面进行回发。
Currently I have the popup working (with a 15 minute countdown using JS) and the user is able to log in again, however when the popup window is closed and the user attempts to perform an action on their original page, they are asked to log in again. 目前,我正在使用弹出式窗口(使用JS进行15分钟的倒计时),并且用户可以再次登录,但是当弹出窗口关闭并且用户尝试在其原始页面上执行操作时,系统要求他们登录再次。
I assume this is because their original cookie that was attached to the original page will have now expired, and it won't detect the new one. 我认为这是因为附加在原始页面上的原始cookie现在已经过期,并且不会检测到新的cookie。
How can I pass the successful authentication from the popup window to the original page? 如何将成功的身份验证从弹出窗口传递到原始页面?
3 个解决方案
解决方案1
1 2009-05-14 16:02:58
I'd create a panel that requires the password, and has a proper code behind method through a button. 我将创建一个需要密码的面板,并通过一个按钮在方法后面有一个正确的代码。
Then you can use AJAX or jQuery to trigger a modal "popup" box to require them to submit the details. 然后,您可以使用AJAX或jQuery触发模式“弹出”框,要求他们提交详细信息。 By doing this, you can keep everything on a single page without having to worry about passing credentials between pages/forms/tabs/whatever. 这样,您可以将所有内容保存在单个页面上,而不必担心在页面/表单/选项卡/任何页面之间传递凭据。
In addition, you can have 1 script method that fires after x minutes to prompt for the refresh, and have a second javascript that fires after x + 2 minutes to log the user out of the application, should they fail to respond. 此外,您可以使用1种脚本方法在x分钟后触发以提示刷新,并可以使用另一种JavaScript方法在x + 2分钟后触发以将用户退出应用程序(如果他们无法响应)。
Your code behind method can properly reset all the cookie and reset the timeouts and can be reused on any page you wish. 您的方法代码可以正确地重置所有cookie并重置超时,并且可以在所需的任何页面上重复使用。
解决方案2
1 已采纳 2009-05-14 16:05:38
If you add a meta tag, or a hidden div, that populates the authentication token in the content attribute for a meta tag, and just in the div body for a hidden div, you could grab it from the popup window like this... 如果您添加一个元标记或隐藏的div,该标记将身份验证令牌填充在meta标签的content属性中,并且仅在div主体中的隐藏的div中,您可以像这样从弹出窗口中获取它...
var debugWin = window.open('','aWindow','width=600,height=600,scrollbars=yes');
var somevar = debugWin.document.body.getElementById("my_hidden_div_id").innerText;
Then you could update the session cookie with the contents of somevar from JavaScript. 然后,您可以使用JavaScript中somevar的内容更新会话cookie。 As long as you maintain the handle to the window, you should be able to get at the window's DOM. 只要您维护窗口的句柄,您就应该能够获取窗口的DOM。
There may be some cross browser variance in how you get at the dom, I think IE has a slightly different method, but it is easily tested for and the result is the same. 进入dom的方式可能会有一些跨浏览器的差异,我认为IE的方法略有不同,但易于测试,结果是相同的。
解决方案3
0 2009-05-14 15:56:18
It's better to use frames. 最好使用框架。 Make the top frame 0 height and have itself refresh periodically. 使顶部框架的高度为0,并使其自身定期刷新。 This way it doesn't get blocked or accidentally closed. 这样,它不会被阻塞或意外关闭。 You may also want to investigate doing the same with Ajax instead. 您可能还想研究使用Ajax做同样的事情。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.