Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Persistent login (e.g. users logs in for two weeks)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Persistent login (e.g. users logs in for two weeks)

    At present my mobile app requires that a user login with a username
    and password every time they hit the app.

    Most commercial apps allow you log in and stay logged in for a couple of weeks.

    Has anyone determined an easy way to accomplish this without undue coding?


    My app is typically accessed via a Phonegap app on a device rather than
    a simple URL hit.

    Thanks for any community input!

    #2
    Re: Persistent login (e.g. users logs in for two weeks)

    Anyone have an answer? Thanks for your input!
    NWCOPRO: Nuisance Wildlife Control Software My Application: http://www.nwcopro.com "Without forgetting, we would have no memory at all...now what was I saying?"

    Comment


      #3
      Re: Persistent login (e.g. users logs in for two weeks)

      You can set the session timeout in the WAS itself, or you can code it on startup:
      Session.Timeout - (read-write) The timeout, in minutes, for this session.
      A new value must be specified in whole minutes. The minimum timeout is 1 minute and the maximum is 525600 minutes (365 days).
      The default is 15 minutes.
      Peter
      AlphaBase Solutions, LLC

      [email protected]
      https://www.alphabasesolutions.com


      Comment


        #4
        Re: Persistent login (e.g. users logs in for two weeks)

        not what were after here, there's no way to "remember me" and we don't know how to code it. I use the usual login component that alpha provides and theres a remember me check box, however in the sample phone gap login panel there isn't a remember me check box. I for one have no clue how to make a username persistently show up on reloading the phonegap app.
        My web interface is perfect and works like you suggest and I set my sesion timeout to about 2 hrs. but again that's irrelevant to the question.
        Any help you be with the remember me option in a UX would be super
        NWCOPRO: Nuisance Wildlife Control Software My Application: http://www.nwcopro.com "Without forgetting, we would have no memory at all...now what was I saying?"

        Comment


          #5
          Re: Persistent login (e.g. users logs in for two weeks)

          The web security does have legacy options to set the login expiration policy to "Defined time after last page access" and "Defined time after initial login". But as you point out, there is no way to for the user to select the remember me option except in a login component. This is by design

          These options are highly discouraged, and may be removed in later Alpha Anywhere versions. There are a couple primary reasons.
          1. The first is security, as it isn't possible to know if the last logged in user is the current user. This is not a significant issue if the security is only being used only for user identification and not for user authentication and access control. There are some resources such as social media that do have a long term login method, typically limited to 2 months. Others, such as user forums, may have a much longer expiration period. In most cases, this is considered very insecure as it allows any user with access to a device to reach the user information of the person who originally signed on using that device.
          2. The second is that session variables can not be used in the application as they are deleted when the user session times out, typically after 15 minutes of inactivity. If any session variables are created at login, they are lost when the session times out. We don't recommend session timeouts greater that 30 minutes and in some systems (such as any falling under government regulation) there may be a legal session limit. For example, any system that contains data that falls under HIPAA regulation can not have a session timeout greater that 30 minutes.
          3. Other systems such as IIS limit all login expirations to the session expiration.


          If all you want to do is identify a user for some period of time, such as saving their name, and you are using a browser, you can create a cookie and place it on the user machine. The cookie can be set for any expiration time, such as 2 months. Every page request will have the value in the cookie until the cookie expires.

          While not recommended, it is possible to store user information in the cookie and automatically log the user into the system. This would require a user id and password. Obviously, this data should be encrypted in the cookie as it is very sensitive. A user defined function could be added to an initial landing page to check for the cookie, decrypt the data, and then use a function such as a5ws_login_user() to log in the user from the values.

          Comment


            #6
            Re: Persistent login (e.g. users logs in for two weeks)

            You guys and your security...obviously you should build and prepare for high security, but why not be able to make it as user friendly as possible and simply customized? I get the HIPAA bs stuff - but we are talking about an app not that's not necessarily rocket science. I know of many an app I sign in and when I reload the app I dont have to sign in again...it just loads.
            Again, add in all the security features you want but why in the world do we all have to suffer the high security measures? Perhaps we are building an app that isnt really that important, might be an app for my website www.adultsheepfinder.us (and yeah I do own that, lol - don't ask!)
            No offense Jerry, I am just pointing out that there are many types of apps that we might want to build, and yeah maybe security isnt as big an issue...
            NWCOPRO: Nuisance Wildlife Control Software My Application: http://www.nwcopro.com "Without forgetting, we would have no memory at all...now what was I saying?"

            Comment


              #7
              Re: Persistent login (e.g. users logs in for two weeks)

              Charles,

              The developers of those apps that allow you to stay logged in are most likely using the method Jerry has explained. Create a cookie and store the login info in it. He did offer a solution. If I were Alpha I would not provide an out-of-the-box less secure option. I think it's reasonable to expect that if you want to circumvent best practices as far as security is concerned that it be something you develop and assume total risk for. I know Jay Talbot has created a similar solution for one of his apps so you can accomplish what you want with Alpha, you just have to do some coding. That is just my humble opinion.

              Comment


                #8
                Re: Persistent login (e.g. users logs in for two weeks)

                Alan,

                I worked out the process to do what you want. It requires multiple scripts in different places. I will send it to you to test out, then I can provide to others. I don't think security-related scripts should go on this forum so I will provide as a download on IADN.COM.

                For reference, here is what has to happen:
                • On the page that contains the login dialog, if the user logs in capture the userid and password, encrypt and store as a cookie.
                • On all pages where you want user to auto-login, look for the cookie and log them in if it exists
                • Ignore the two above tasks if the user is already logged in
                • On the logout page be sure to destroy the cookie (because the user explicitly logged out) otherwise the user can never logout


                So if the user does not explicitly log out, they are auto-logged in when they return for the life of the cookie, which can be set to any period of time. The feature even survives a server reboot. But of course it only works from the same computer where they initially logged in.

                This is similar to how I built the "Single Sign-on" feature except that does not use a cookie, gets credentials from the LDAP server.
                Steve Wood
                See my profile on IADN

                Comment


                  #9
                  Re: Persistent login (e.g. users logs in for two weeks)

                  Steve, thanks. I just got back from months on the road (oddly in the SanFran Bay area). I'm firing up all my Alpha apps (a suite of 8+) for a final push to initial release in the next 3 to 4 weeks. A "remember me" feature will be part of our priority. As noted by others, it's a fairly common expectation in modern apps (including many finance related apps). If a workaround wasn't present then I was planning to build my own (as you note, cookie, encrypt, back-end handshake). However, if you have something, I'm all ears! I'll be in touch in the next day or so.

                  Comment


                    #10
                    Re: Persistent login (e.g. users logs in for two weeks)

                    "oddly in the SanFran Bay area". I resemble that remark! Next time give me a call, I am about 40 minutes out of San Francisco.
                    Steve Wood
                    See my profile on IADN

                    Comment


                      #11
                      Re: Persistent login (e.g. users logs in for two weeks)

                      Steve,

                      I'll test out your solution as well if you're willing to share it twice?

                      Thanks

                      Comment


                        #12
                        Re: Persistent login (e.g. users logs in for two weeks)

                        I will send it along. I tested it on a spare machine and stayed logged in all day long even though my server session expiration is 6 hours. One thing I noted, you have to structure your application such that all required session variables will re-populate as necessary when you return to the machine. That is because technically, my browser DID logout when my session expired, but upon refreshing the browser the cookie provided credentials and I was re-logged. So, really this is not a "stay logged in" solution. It is an "automatic re-login" solution where the cookie determines the life.
                        Steve Wood
                        See my profile on IADN

                        Comment


                          #13
                          Re: Persistent login (e.g. users logs in for two weeks)

                          I would have expected an "auto login" process. When a persistent connection is dropped or doesn't exist in the first place, your options are either to have no security and a simple session ID (which generally doesn't happen any more) or you have re-authorize, generally in conjunction with a session ID if there is ongoing session work.

                          So it sounds reasonable and expected Steve. Thanks.

                          Comment


                            #14
                            Re: Persistent login (e.g. users logs in for two weeks)

                            Steve,

                            Thanks much for the code. After cleaning up some other tasks I finally managed attempt
                            to install your code.

                            I realized only then that it was geared for login/logout components in actual A5W pages
                            rather than in a mobile UX environment.

                            Ultimately I'll have to come up with an elegant and secure solution (or Alpha / Phonegap will).

                            Or... I'll have to make the first page hit by the Phonegap app be an A5W page.

                            For now I'll leave it. When I get a solution set up for UX components I'll post it back here.

                            Thanks again,

                            Allan

                            Originally posted by Steve Wood View Post
                            I will send it along. I tested it on a spare machine and stayed logged in all day long even though my server session expiration is 6 hours. One thing I noted, you have to structure your application such that all required session variables will re-populate as necessary when you return to the machine. That is because technically, my browser DID logout when my session expired, but upon refreshing the browser the cookie provided credentials and I was re-logged. So, really this is not a "stay logged in" solution. It is an "automatic re-login" solution where the cookie determines the life.

                            Comment


                              #15
                              Re: Persistent login (e.g. users logs in for two weeks)

                              Hey guys, may I have the code to provide "automatic re-login" code as my bus got exhausted of log in again and again for one page.
                              Could any one share with me the code or any instruction for that ?

                              Mo

                              Comment

                              Working...
                              X