Anonymous_User Absent Member.
Absent Member.
163 views

Advice about form-fill


Hi,
I am using a form-fill policy to sign on to a website. The initial login
form is at "sunrise.dmu.ac.uk/SUsers"; every other page uses the URL
"sunrise.dmu.ac.uk/SUsers/" (note the trailing "/"). Logout takes you
to the login form, but the URL has the trailing "/" so it does not hit
the form-fill policy, which is fine as I do not want the user to be
logged in again. There are no cgi parameters to indicate logout. What
I want to do is "trap" the logout and redirect somewhere else, so as not
to display the login form again. I usually use an authorisation policy
to do a redirect like this but as all the URLs are the same in this app
this will not work. What I am doing is using a second form fill policy
on "/Susers/" which only contains a form fill failure, but which has a
page matching criteria that matches only the login form, and which
redirects to the location required. This works, but the problem is
every single page hits this form fill policy as they have the same URL.
They all fail the page matching criteria, except the final logout page
(which is the login form) which is redirected to the URL specified.
This seems inefficient to me. Does anyone else have another way of
doing this i.e. detecting a page based on some text and redirecting to
another URL, which does not involve using a form-fill policy?
Thanks in advance.
Steve Tennant.


--
sttennant
------------------------------------------------------------------------
sttennant's Profile: https://forums.netiq.com/member.php?userid=389
View this thread: https://forums.netiq.com/showthread.php?t=51042

0 Likes
4 Replies
Highlighted
Anonymous_User Absent Member.
Absent Member.

Re: Advice about form-fill

sttennant,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.netiq.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.netiq.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.netiq.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
http://forums.netiq.com


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Advice about form-fill


I'm assuming that the only difference is the lack of a session cookie
once the user is logged out? If so, does this cookie have the HTTPOnly
flag set?

If the cookie is not HTTP only, you could use javascript to read the
state of the cookie and redirect the browser based on that. You can
either add this in the FF policy, or if you have a new enough version of
NAM, you can add a separate javascript injection policy.


--
MatthewEhle
------------------------------------------------------------------------
MatthewEhle's Profile: https://forums.netiq.com/member.php?userid=4
View this thread: https://forums.netiq.com/showthread.php?t=51042

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Advice about form-fill


Hi Matthew,
Thanks for the reply, but I am not sure I understand you. I have no
idea how you would read a cookie in Java script. I am not a web
developer. Thanks anyway.
Regards


--
sttennant
------------------------------------------------------------------------
sttennant's Profile: https://forums.netiq.com/member.php?userid=389
View this thread: https://forums.netiq.com/showthread.php?t=51042

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Advice about form-fill


sttennant;245621 Wrote:
> Hi Matthew,
> Thanks for the reply, but I am not sure I understand you. I have no
> idea how you would read a cookie in Java script. I am not a web
> developer. Thanks anyway.
> Regards


No problem. I only suggest that as it sounds like there are no other
differences that indicate logout. The form fill policy is pretty good
at figuring things out, but with all the different ways a login page can
be done, it can't get everything. The JavaScript injection feature is
there to allow someone to customize the form fill to fit those cases.

Good luck!


--
MatthewEhle
------------------------------------------------------------------------
MatthewEhle's Profile: https://forums.netiq.com/member.php?userid=4
View this thread: https://forums.netiq.com/showthread.php?t=51042

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.