WEB SITE MANAGEMENT
Keeping user credentials in a frameset
By Chris Stoner a.k.a. GreenJellybean
It's often very helpful to know what's going on "under the covers." The way each Web browser handles the pages our sites serve up is important to understand, because the user experience is really based upon what they actually see, not what we intended for them to see. For example, I frequently encounter questions from people having difficulty with user credentials. Therefore, I thought I'd address the issue once and for all in this article.
We have a situation here
I came across a scenario recently where I allowed anonymous users to browse my Web site and only have to log in if they really wanted to do something interactive. However, once logged in, many users were still not seeing any changes to the site. I had special buttons that should've been displayed, but they weren't.
After some testing, I found that the users' Web browsers would cache pages with anonymous access and often not pass the user credentials to the server. This meant that even after successfully logging into the site, they would still see only what anonymous users see, instead of what would normally be displayed for authenticated users.
A little testing goes a long way
Here's how the whole thing went down. It came about that a few users would log into the site and expect to see the action buttons that only authenticated users should see. My first thought was that the browser was caching the page, so I put a META tag (<META HTTP-EQUIV="expires" CONTENT="0">) in the header. My hope was the tag would force the browser to go back to the server each time this page was accessed. While that little tag is often a lifesaver, it didn't work in this case.
My frameset consisted of two frames, with a thin left frame containing some View links and some basic actions (Login, Email, Webmaster, etc.). The right frame was where the Views and Documents would load. It was very simple and straightforward, so why wasn't it working?
The first thing to figure out was whether or not the user had really logged in. I put a ComputedForDisplay field in the left frame that would show the current username. Then I copied that field and pasted it into the $$ViewTemplateDefault. I was amazed to see that it came up "anonymous" in the right frame, but with my login name, "Chris Stoner," in the left frame!
Caching those credentials
Perplexed by this behavior, I tried, after much trial and error, launching the View in a separate window and appending "&login" to the URL. Voila! The new field correctly calculated "Chris Stoner." It seemed that I needed to authenticate in each frame in order to override the cached anonymous credentials that the frame was, by default, serving up.
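The per-frame "&login" step described above can be expressed as a small URL helper. This is an added example, not code from the original article; the function names addLoginArg and relogFrames, the sample frame URLs, and the fallback to the ?Open command for URLs that carry no command are assumptions made for illustration.

```javascript
// Added example: addLoginArg and relogFrames are hypothetical helper names.
// Assumption: every frame URL is a Domino URL whose arguments follow "?Command".
function addLoginArg(url) {
  // Split off any #fragment so the argument lands in the query part.
  const hashAt = url.indexOf('#');
  const base = hashAt === -1 ? url : url.slice(0, hashAt);
  const frag = hashAt === -1 ? '' : url.slice(hashAt);

  const qAt = base.indexOf('?');
  if (qAt === -1) {
    // No command present: fall back to the generic ?Open command (assumption).
    return base + '?Open&login' + frag;
  }
  // Argument already present (any letter case): leave the URL unchanged.
  const args = base.slice(qAt + 1).split('&').map(a => a.toLowerCase());
  if (args.includes('login')) return url;
  return base + '&login' + frag;
}

// Given the frameset's frames as {name, src} records, return the URL each
// frame should be reloaded with once the user has logged in, so that no
// frame keeps serving its cached anonymous copy.
function relogFrames(frames) {
  return frames.map(f => ({ name: f.name, src: addLoginArg(f.src) }));
}

// Constructed sample frameset: a navigation frame and a content frame.
const sampleFrames = [
  { name: 'nav', src: '/site.nsf/Nav?OpenPage' },
  { name: 'main', src: '/site.nsf/ByDate?OpenView#top' },
];

// In a browser the result would be applied per frame, for example:
//   for (const f of relogFrames(sampleFrames)) {
//     top.frames[f.name].location.replace(f.src);
//   }
```

Both frames are rewritten, not just the one holding the login link, because the article's test showed each frame resolving the username independently.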