In Hartl's tutorial, Listing 8.49, why is there a "forget(user)" option? - railstutorial.org

This is in relation to the checkbox that allows users to stay logged in when they close their browser. In an intermediate version, we remembered the user regardless, and now we're checking the params to see if the checkbox was set. This is the line of code that confuses me:
params[:session][:remember_me] == '1' ? remember(user) : forget(user)
Specifically, why are we forgetting the user if params[:session][:remember_me] is 0? Since we have never remembered the user (I think -- I'm a major newbie), wouldn't this work:
remember(user) if (params[:session][:remember_me] == '1')
and make more sense? I tried it and it passes the tests (which are very basic), but it also seems to behave appropriately. But maybe there's some stray variable that's staying set that I'm missing because I don't know what I'm doing.

I am at the exact same point and was wondering about the exact same thing.
And I came to the conclusion: it's only about security.
Because if a user never logs out of your app, an attacker who stole her user_id and remember_token cookies could use them all the time. However, if the user eventually logs in on another computer, either the remember_digest attribute gets a new value or is set to nil. Either way the attacker gets locked out.
By omitting forget(user) the only time the remember_digest is set to nil is when the user deliberately logs out.
However the version remember(user) if (params[:session][:remember_me] == '1') gives the user the ability to select one "remembered" computer.
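
The difference between the two login lines can be checked with a small model (an added example, not code from the tutorial or from the posts above). The User class, the two log_in_* helpers and the scenario function are hypothetical stand-ins; the tutorial stores a BCrypt digest, and SHA-256 is used here only to stay inside the standard library.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for the tutorial's User model.
class User
  attr_reader :id, :remember_digest

  def initialize(id)
    @id = id
    @remember_digest = nil
  end

  # Issue a fresh token, store only its digest, return the token for the cookie.
  def remember
    token = SecureRandom.urlsafe_base64
    @remember_digest = Digest::SHA256.hexdigest(token)
    token
  end

  def forget
    @remember_digest = nil
  end

  # True only if the presented cookie token matches the stored digest.
  def authenticated?(token)
    return false if @remember_digest.nil? || token.nil?
    Digest::SHA256.hexdigest(token) == @remember_digest
  end
end

# Listing 8.49 behaviour: remember or forget on every login.
def log_in_ternary(user, remember_me)
  remember_me == '1' ? user.remember : user.forget
end

# The variant from the question: remember when checked, otherwise do nothing.
def log_in_if_only(user, remember_me)
  user.remember if remember_me == '1'
end

# Constructed scenario: the remember token issued on computer A is copied,
# then the user logs in on computer B with the checkbox set to `second`.
# Returns whether the copied token still authenticates afterwards.
def stolen_token_valid_after_relogin?(login, second = '0')
  user = User.new(1)
  stolen = send(login, user, '1')  # login on A with "remember me" checked
  send(login, user, second)        # later login on B
  user.authenticated?(stolen)
end
```

With the box unchecked on the second login, only the ternary version clears the digest; with the box checked, both versions rotate it.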


[ script:es_extended] SCRIPT ERROR: #es_extended/server/functions.lua:127: attempt to index a nil value (local 'xPlayer')

[ script:es_extended] SCRIPT ERROR: #es_extended/server/functions.lua:127: attempt to index a nil value (local 'xPlayer')
[ script:es_extended] > ref (#es_extended/server/functions.lua:127)
Please help me, I'm triggered af. That's my FiveM console (TxAdmin). Nothing works; ESX is completely broken after a server restart.
I had a look at the source code. My best guess is that the player you are using isn't registered in the MySQL database for some reason.
I am guessing this because of the following:
The immediate cause of the error is that xPlayer is nil in server/functions.lua:127
This is due to the player object not being added to the ESX.Players table in server/main.lua:239
The info necessary to make the player object is taken from MySQL on server/main.lua:115
So the most obvious explanation would be that the user wasn't found in the database. It is also possible that the program could not connect to the database at all, but it looks like the fivem-mysql-async library would raise an error instead of continuing silently, so that is less likely (although this would need testing to discount completely).
Are there any messages in the server logs that might give you a clue as to what's going on?

Clear a field when state changes - Salesforce

I want to make it so that when you fill in a field (in case) X and go to a state, it is deleted (this field should be saved in the history, I think this is done by default). This is necessary so that the user does not have to be hitting the pencil and erasing the message that comes from another state.
As I saw with a Trigger it can be done, do you have any idea?
You don't need code for it, you could do it with config changes (workflow / flow / process builder). But if you're really after a trigger - something like that.
trigger CaseTrigger on Case (before update) {
    for (Case c : Trigger.new) {
        // Compare against the record's values before this update
        Case old = Trigger.oldMap.get(c.Id);
        if (c.Status != old.Status) {
            c.Description = null; // whichever field you want to wipe
        }
    }
}
Edit about 0 code solutions
Look into workflows, flows and process builder. Actually, if you're starting fresh, maybe focus on flows; the other 2 are a bit passé and SF recommends migrating away: https://admin.salesforce.com/blog/2021/go-with-the-flow-whats-happening-with-workflow-rules-and-process-builder
Have a look at these and if you're stuck: consider posting at dedicated https://salesforce.stackexchange.com. StackOverflow is really for code related stuff, you'll reach more admins over there.
https://trailhead.salesforce.com/content/learn/modules/flow-builder
https://trailhead.salesforce.com/en/content/learn/modules/platform-app-builder-certification-maintenance-winter-21/get-handson-with-flow-before-save-trigger-when-certain-record-changes-are-made
https://salesforce.stackexchange.com/questions/301451/trigger-flow-if-a-specific-field-on-the-updated-record-changed
https://help.salesforce.com/s/articleView?id=release-notes.rn_forcecom_flow_fbuilder_prior_values_flow.htm&type=5&release=230

GWTP Invalid attempt to reveal errorplace, but then works normally

I have a couple of places set up, and they work correctly, except with a delay caused by this issue. They're using nested presenters.
For one place, it appears that any repeat attempt to load it causes an infinite loop of reveal error / unauthorized place (no idea why, no gatekeeper set), but then loads the page correctly. The issue I have with it is the delay and unnecessary log spam it causes - it loads the page correctly, why can't it do it without going through the loop first? Anyone have any ideas?
-- UPDATE --
I am using GWTP 1.4 with GWT 2.7.0, but the project was first created using GWTP 0.6 or maybe earlier. We've updated deprecation etc as we've upgraded, but I know there are anachronisms left.
I tried switching out our ClientPlaceManager with the default, bound the ErrorPlace and UnauthorizedPlace to our home page, and removed its gatekeeper, but it still tries to go to the error place (overrode the revealErrorPlace method and noticed it's throwing the error for a valid token that had been loaded at least once already that session). One page in particular, none of the presenter lifecycle phases are firing, though the presenter is visible (only breaking in Firefox I think). I really don't understand it.
-- UPDATE 2 --
I've removed gatekeepers (even specifying #NoGatekeeper), have ensured that the error / unauthorized place have #NoGatekeeper and exist, and overrode revealPlace(request, updateUrl) to output results, and added a try/catch - and it does the exact same thing. An infinite loop, but everything is accessible. My debug output even shows it attempting to reveal the error place, but it never does, just errors out.
This is frustrating to no end.
Stacktrace:
SEVERE: Exception caught: Encountered repeated errors resulting in an infinite
loop. Make sure all users have access to the pages revealed by revealErrorPlace
and revealUnauthorizedPlace. (Note that the default implementations call
revealDefaultPlace)
com.google.gwt.event.shared.UmbrellaException: Exception caught:
Encountered repeated errors resulting in an infinite loop. Make sure all users
have access to the pages revealed by revealErrorPlace and
revealUnauthorizedPlace. (Note that the default implementations call
revealDefaultPlace)
at Unknown.fillInStackTrace_0_g$(student-0.js#36:10580)
at Unknown.Throwable_3_g$(student-0.js#8:10535)
at Unknown.Exception_3_g$(student-0.js#18:10678)
at Unknown.RuntimeException_3_g$(student-0.js#18:61481)
at Unknown.UmbrellaException_3_g$(student-0.js#25:133542)
at Unknown.UmbrellaException_5_g$(student-0.js#26:133603)
at Unknown.fireEvent_7_g$(student-0.js#13:133134)
at Unknown.fireEvent_12_g$(student-0.js#22:154354)
at Unknown.fire_8_g$(student-0.js#17:132936)
at Unknown.fireValueChangedEvent_0_g$(student-0.js#3:154358)
at Unknown.onHashChanged_0_g$(student-0.js#29:154297)
at Unknown.apply_0_g$(student-0.js#28:109006)
at Unknown.entry0_0_g$(student-0.js#16:109062)
at Unknown.anonymous(student-0.js#14:109042)
Caused by: java.lang.RuntimeException: Encountered repeated errors resulting in
an infinite loop. Make sure all users have access to the pages revealed by
revealErrorPlace and revealUnauthorizedPlace. (Note that the default
implementations call revealDefaultPlace)
at Unknown.fillInStackTrace_0_g$(student-0.js#36:10580)
at Unknown.Throwable_2_g$(student-0.js#8:10526)
at Unknown.Exception_2_g$(student-0.js#18:10672)
at Unknown.RuntimeException_2_g$(student-0.js#18:61475)
at Unknown.startError_0_g$(student-0.js#11:92009)
at Unknown.error_2_g$(student-0.js#8:91772)
at Unknown.doRevealPlace_0_g$(student-0.js#10:91762)
at Unknown.revealPlace_1_g$(student-0.js#8:91921)
at Unknown.revealPlace_0_g$(student-0.js#8:91908)
at Unknown.revealErrorPlace_1_g$(student-0.js#8:92109)
at Unknown.error_2_g$(student-0.js#8:91773)
at Unknown.doRevealPlace_0_g$(student-0.js#10:91762)
at Unknown.handleTokenChange_0_g$(student-0.js#12:91848)
at Unknown.onValueChange_4_g$(student-0.js#8:91888)
at Unknown.dispatch_87_g$(student-0.js#16:132968)
at Unknown.dispatch_88_g$(student-0.js#8:132972)
at Unknown.dispatch_0_g$(student-0.js#8:49973)
at Unknown.dispatchEvent_2_g$(student-0.js#14:133006)
at Unknown.doFire_0_g$(student-0.js#9:133250)
at Unknown.fireEvent_8_g$(student-0.js#8:133323)
at Unknown.fireEvent_7_g$(student-0.js#25:133128)
at Unknown.fireEvent_12_g$(student-0.js#22:154354)
at Unknown.fire_8_g$(student-0.js#17:132936)
at Unknown.fireValueChangedEvent_0_g$(student-0.js#3:154358)
at Unknown.onHashChanged_0_g$(student-0.js#29:154297)
at Unknown.apply_0_g$(student-0.js#28:109006)
at Unknown.entry0_0_g$(student-0.js#16:109062)
at Unknown.anonymous(student-0.js#14:109042)
If you're using the DefaultPlaceManager, make sure you have bound DefaultPlace, ErrorPlace and UnauthorizedPlace to Presenter name tokens in your Gin module.
From DefaultPlaceManager's javadoc (http://arcbees.github.io/GWTP/javadoc/apidocs/com/gwtplatform/mvp/client/proxy/DefaultPlaceManager.html):
Important! If you use this class, don't forget to bind DefaultPlace,
ErrorPlace and UnauthorizedPlace to Presenter name tokens in your Gin
module.
Note: The default, error and unauthorized places are revealed without
updating the browser's URL (hence the false value passed in
revealPlace). This will avoid stepping into an infinite navigation
loop if the user navigates back (using the browser's back button).
Here's an example of infinite navigation loop that we want to avoid:
An unauthenticated hits #admin (a place reserved to authenticated admins).
The #unauthorized place is revealed, and the browser's URL is updated to #unauthorized.
The user clicks the back button in his browser, lands in #admin, then #unauthorized, then #admin, and so on.
Also, from https://github.com/ArcBees/GWTP/issues/296:
Verify that the Interface of the Proxy in your Presenter inherit from
ProxyPlace.

Perl CGI gets parameters from a different request to the current URL

This is a weird one. :)
I have a script running under Apache 1.3, with Apache::PerlRun option of mod_perl. It uses the standard CGI.pm module. It's a regularly accessed script on a busy server, accessed over https.
The URL is typically something like...
/script.pl?action=edit&id=47049
Which is then brought into Perl the usual way...
my $action = $cgi->param("action");
my $id = $cgi->param("id");
This has been working successfully for a couple of years. However we started getting support requests this week from our customers who were accessing this script and getting blank pages. We already had a line like the following that put the current URL into a form we use for customers to report an issue about a page...
$cgi->url(-query => 1);
And when we view source of the page, the result of that command is the same URL, but with an entirely different query string.
/script.pl?action=login&user=foo&password=bar
A query string that we recognise as being from a totally different script elsewhere on our system.
However crazy it sounds, it seems that when users are accessing a URL with a query string, the query string that the script is seeing is one from a previous request on another script. Of course the script can't handle that action and outputs nothing.
We have some automated test scripts running to see how often this happens, and it's not every time. To throw some extra confusion into the mix, after an Apache restart, the problem seems to initially disappear completely only to come back later. So whatever is causing it is somehow relieved by a restart, but we can't see how Apache can possibly take the request from one user and mix it up with another.
This, it appears, is an interesting combination of Apache 1.3, mod_perl 1.31, CGI.pm and Apache::GTopLimit.
A bug was logged against CGI.pm in May last year: RT #57184
Which also references CGI.pm params not being cleared?
CGI.pm registers a cleanup handler in order to clean up all of its cache.... (line 360)
$r->register_cleanup(\&CGI::_reset_globals);
Apache::GTopLimit (like Apache::SizeLimit mentioned in the bug report) also has a handler like this:
$r->post_connection(\&exit_if_too_big) if $r->is_main;
In pre mod_perl 1.31, post_connection and register_cleanup appear to push onto the stack, while in 1.31 it appears as if the GTopLimit one clobbers the CGI.pm entry. So if your GTopLimit function fires because the Apache process has got too large, then CGI.pm won't be cleaned up, leaving it open to returning the same parameters the next time you use it.
The solution seems to be to change line 360 of CGI.pm to:
$r->push_handlers( 'PerlCleanupHandler', \&CGI::_reset_globals);
Which explicitly pushes the handler onto the list.
Our restart of Apache temporarily resolved the problem because it reduced the size of all the processes and gave GTopLimit no reason to fire.
And we assume it has appeared over the past few weeks because we have increased the size of the Apache process either through new developments which included something that wasn't before.
All tests so far point to this being the issue, so fingers crossed it is!

the cmi.total_time parameter does not return anything

I am programming a SCORM 2004 product.
I can update the session_time, it works.
I can set the status (passed, failed, etc...)
I also can get the cmi.location time. No problems !
But I don't succeed to get the total time ! (cmi.total_time).
I have tested on 2 LMS :
On Ganesha the API.GetValue('cmi.total_time') is an empty string.
On Moodle the API.GetValue('cmi.total_time') is just a "P".
However, I do have the correct logs with correct session times.
Anybody have an idea?
Thank you !
EDIT.
I also try on cloud.scorm.com and cmi.total_time returns each time PT0H0M0S.
EDIT2. Ooops I deleted Donal's edit.
Based upon the information you've provided, I'm guessing that you're trying to set cmi.session_time and get cmi.total_time in the same learner session, which wouldn't give the response you're expecting.
cmi.total_time contains the total duration of all learner sessions prior to the current one, meaning that it won't contain the value you'd expect it to have until the second learner session.
Once you've set cmi.session_time, close the current learner session by leaving the SCO you're on, and then coming back to it. You should then see that cmi.total_time is now populated with a valid value.
Good Luck!
When you resume the second session and try to retrieve total time, are you able to retrieve the value you stored for cmi.location in the first session? If not, then you are probably not suspending the session. In order for data to be available in the next launch, you need to set cmi.exit to suspend before terminating the first session.
Mike