Hello im doing simple authentication using password / user that when the user load the first page of the web application then it is checks in the database if the pass/user its valid then it set session parameter to true and will check every page if its true. but when the session expired , or if some one enter one of the application by link ( bypass the enter page ) the checking the session is false and there is a need for the user to enter its user/password again . now what i like to do is when the session is false not to redirect to the enter page but suspend the page loading and popup security window with user and password fields, when the user enters valid user/password the page will continue to load if not it will redirect to some page . my problem is how to generate this popup window .that suspend the page .
Are you doing a full-page relaod between clicks? If so, the whole concept of a popup makes no sense since there is no page to load in the main window prior to asking for authentication. After all, you don't want to be loading the next page until after the authentication takes place, right?
Also, where are you detecting the session expiry? In a filter?
If so, you can redirect to an authentication page and store the original request info in the session (or in hidden inputs on the page if your prefer) so that after the user logs back in, you can send them to the original page that they were trying to get to.
hello well the expiration of the session checked in every page as the first function in the page i dont do page reload . and i like to avoid to sending the user to redirect page , also i dont want to store the requests i just wander if i could when the page start to load and after it checks if the session is false to suspend the page loading and popup a window that asking to user/password , and then continue the page loading if its valid
ok thanks for the help i will look into it , one more thing i dont like to send to login page, i want to open popup box that the user will enter the login/password when needed popup box like you enter to restricted area ssl protected if you know what i mean
Originally posted by Meir Yan: i dont like to send to login page, i want to open popup box
Again, why? This makes no sense to me. The popup box must appear over a page. What page is it going to appear over? You don't want to display the next page before they authenticate, do you? What if it contains sensitive information?
You can't show it on top of the previous page since you don't know until after it is submitted whether you need to authenticate the user or not.
The only thing you could do is to show the popup over a blank page, and that makes no sense to me. Why bother with a popup if there's a blank page there than can contain the login form?
Please eexplain why you feel this need to use a popup?
ok i will explain ( sorry English is not mt native language ) when user is entering the application there is the first page that it is just user and password ok the autontication is vaild the user moves to the next page then after few minuets the session is timeout . the user still in some page in the application , he click's alink when he suppose to move to the next page the popup window will arise ( he is still in the previous page ) and it will ask him for the user/pass . if it is valid it will continue to the link the user clicked if not it will redirect him to some error page i hope i made my self clear thanks
Originally posted by Meir Yan: the user still in some page in the application , he click's alink when he suppose to move to the next page the popup window will arise ( he is still in the previous page )
This is where the problem with your scenario arises. How are you going to check something (the session) on the server without submitting this page? [ August 06, 2007: Message edited by: Bear Bibeault ]