I'm creating a web application meant to be viewed by iPhones, Blackberrys etc. My problem is that, when an iPhone user adds a link to the app on their home screen, they have to log in twice.
The cycle goes like this:
User bookmarks the app's homepage
User later goes to the homepage
They are brought first to the log in screen
After logging in, they are taken to the app's homepage
As soon as they click a link, Safari opens a new window in which they are brought to the log in page again
After logging in this time, everything works as normal
It seems like a problem with Session variables, though I can't seem to find any sort of elegant solution for it.
Also, the server is running ColdFusion.
Would it be possible to drop a cookie when the user first logs in?
Related
I created a static Web site using Azure Static Web Apps (under the Free plan for now -- not sure if that's relevant to the issue at hand.) I can access the Web site through an ***.azurestaticapps.net URL.
I then tried to test Azure Active Directory authentication per Microsoft's instruction from this page:
https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-authorization
My problem is that logging out does not seems to work as I would expect on a normal Web site. I could log out, but when I tried to login again (hoping to use a different Azure AD account,) the Microsoft login screen flashes by and I got logged right back in with the user that I just logged out from. Switching to a different tab doesn't help.
Steps to repro:
Navigate to /.auth/login/aad and login using a Microsoft Account. Say NO to 'Stay signed in?' prompt.
Navigate to /.auth/me to see the basic information on the logged in account to prove that I'm in the logged in state.
Navigate to /.auth/logout to logout. Immediately, navigate to /.auth/me again to confirm that my static Web App regards me as 'logged out.' I'd see this:
{"clientPrincipal": null}
Navigate to /.auth/login/aad again. Microsoft login page flashes by, and I am logged right back in with the previously logged out user.
Things that sort of worked
Any of the two actions below alone seems to make the browser forget my logged-in state:
Close the whole browser and relaunch it. I'd get asked to pick the previous user (and then enter the password) or choose a new user. This sort of works but reminds me of some Web sites 15-20 years ago that said 'For security reasons, please don't forget to close your entire browser after logging out from this one tab.'
Open a new tab in the same browser, and navigate to hotmail.com. That tab will enjoy my logged-in state from the Static Web Apps tab. I'd see my mails right away. Then I log out from the hotmail.com tab, switch back to ***.azurestaticapps.net tab and see that I am still logged into my Static Web App. Good! Then if I log out from my Static Web App and try to log back in, it has forgotten my logged-in state this time. In other words, logging out from the hotmail.com tab is somehow more powerful.
I also tested /.auth/login/google too and the same problem arises! So the issue seems to be on the Azure Static Web Apps side, not how idPs handle their logout process.
Am I missing anything obvious?
When a user is not logged in and they navigate to a page tab made with our app, they get an obtrusive dialog asking them to log in:
This has nothing to do with http vs https, the app is not in sandbox mode, there is nothing in the tab asking for a login or user information, etc. I've gone through the app settings at least a half dozen times now, and nothing is wrong there. Aside of urls, the settings are identical to another app I have that does not suffer from this problem. I'm stumped!
Edit: here is an affected tab: https://www.facebook.com/StaticHtmlThunderpenny/app_203351739677351
This message is not about login to your app, but Facebook in general.
So my guess would be that the page your app is installed as page tab app on is restricted in some way – by age, location, or for having alcohol-related content. And then of course Facebook asks for login, because otherwise they can not determine whether or not the (as of now still “anonymous”) user qualifies to see the page.
So go check the page settings.
This is actually not app related question.
This is thumb rule!! To access any app on Facebook, you need to log in to Facebook. You can see Facebook page without log in. But for facebook apps, you should be authentic user.
with this issue in my own experience that I came across some years back with a facebook app that I was running, if this doesn't relate to any of your other social networking apps then am aligning two set of possibilities and solution.
The user might have not properly logged out as "written" in the app for the users logout stage.
Solution would be that the user logout as expected before closing the app.
The user might have set up an automatic login prompt which was removed by the app when it was been updated automatically. (If you do get me???)
Solution would be to monitise your app on updates and login informations or better still just login and logout ask intended by the app and for security reasons.
Lastly I would say that automatic bookmark database should be added to the server part so current pages as the user uses the app would be saved after logout or login stage. Thank you, hope this helps and if not let me know what am missing.
I am working on an application where I have to launch activity asking user to enter login and password to proceed further. The user will get option to save login/password. If user saves login and password, the application will not show login activity at next launch and instead should go directly to the main application screen.
I am thinking of starting application with Application class object and checking stored preferences to decide which activity is to launch. For some reason, application class is not launched, it may need some extra thing in manifest file.
Any suggestions what would be the best way to implement this kind of behaviour.
Thanks
Bsengar
Any suggestions what would be the best way to implement this kind of behaviour
A splash screen is often used for this. Your first Activity (splash screen) can display your logo/and or play music or whatever while you check your data and decide which Activity to go to next like login or main Activity. This usually shouldn't be displayed very long (maybe less than a second or so unless doing network stuff such as authenticating/loading data).
...and checking stored preferences to decide which activity is to launch
This is often how people handle this. You can check SharedPreferences in your splash screen to decide which Activity to start. If the login is stored then go to main Activity. If not then go to your login Activity.
Make sure to call finish() in your splash screen so if the user presses the back Button from login or main Activity they will exit the app instead of going to the splash screen again, unless of course that's what you want.
Good example of getting started with SharedPrefs in case you aren't familiar.
Full Docs for SharedPrefs
I wrote an application that does something very similar. In my case, I use a "remember me flag" that allows the user to indicate that they want the application to save the login id and password. If they elect this setting, the application will save the login information in preferences and pre-fill the login screen the next time the user launches the application.
I have developers working on the backend of my app using phonegap and once the user clicks facebook/twitter share a browser pops up and you can log in and share but after
that you cannot escape back to the app, if you get out of the apps altogether then try and return to my app you're right back at the facebook/twitter screen instead of in my app. This is only happening on iphon because on android they have a back button. The only way to get back into the app is to restart the iphone/ipod to get back to open
the app from beginning. I cannot have this as the only option for
people to share from my app as it would be horrible and could ruin my
app before I launch it. They say their is no way to fix it but Im sure its fixable so I am trying to get any info on this that I can.
The other issue is the facebook post itself. currently it post like this
Sent from Appname(with link to app)
www.appname
Text here
but this is kinda counter intuitive because the actual message should
be on top otherwise it will get lost in the other text. They said
this is the only way facebook allows it. Is it possible to get it like this
Text here
Sent from appname(linke here)
www.appname.com
Again any help on these two issues would be great so I can pass the
info to my developers.
I have a mobile web app that uses cookies to keep a user logged in. Works fine in safari but when added to the home screen this is ignored, making users log in every time they start the app. Anyway around this?
Thx
This looks like a promising solution: http://rubygems.org/gems/rack_iphone_web_app