Checking for the existence of an active session - SSO

Ubisecure SSO can serve different content for certain URLs, depending on whether an SSO session is currently active or not. A web site can display different content to authenticated and unauthenticated users even on a page where a Ubisecure Web Application or SAML SP product is not used.

Three examples are given in this chapter. These same mechanisms can be used in many ways and in combination with other JavaScript and Ajax techniques.

Starting with Ubisecure SSO version 6.0, the session status URLs and JavaScript are built-in functionality and need no manual configuration. The following examples show how they can be used.

Example 1

In this example, GetStatus is called using JavaScript. It returns true if the user is logged in and false if there is no active session.

The address
https://www.example.com/uas/refresh/status.js

  • returns true if a session exists
  • returns false if a session does not exist

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> 

<head>
<title>status.htm</title>
<script src="https://www.example.com/uas/refresh/status.js" type="text/javascript"></script>
<script type="text/javascript">
function OnLoad() {
	var script = new SingleSignOnStatus();
	document.getElementById("script").innerHTML = script.GetStatus();
}
</script>
</head> 

<body onload="OnLoad()">
<h1>status.htm</h1>
<p>SSO Session Status (script): <span id="script">wait...</span></p>
</body>
 
</html>

Example 2

In this example, we check for the success of loading an image from the Ubisecure SSO. This technique has an advantage in that it will not block the browser if Ubisecure SSO is non-responsive.

If there is an active session, a transparent 1x1 pixel image is returned from Ubisecure SSO and the onload event is fired. In the example below, the text "true" is shown. The event could equally call any other JavaScript function.

If there is no active session, a 404 error is returned from Ubisecure SSO and the onerror event is fired. In the example below, the text "false" is shown. The event could equally call any other JavaScript function.

The address
https://www.example.com/uas/refresh/status.gif

  • returns the contents of an image if a session exists
  • returns a 404 error if a session does not exist

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> 


<head>
<title>status.htm</title>
<script type="text/javascript">
function OnLoadIMG(status) {
	document.getElementById("img").innerHTML = status;
}
</script>
</head> 


<body>
<h1>status.htm</h1>
<p>SSO Session Status (img): <span id="img">wait...</span><img onload="OnLoadIMG(true)" onerror="OnLoadIMG(false)" src="https://www.example.com/uas/refresh/status.gif" style="display:none;"/></p>
</body> 


</html>

Example 3

In this example, we show the user one image if they are logged in, and a different image if they are not logged in. A third, locally stored image can be shown if the Ubisecure SSO returns an error condition or times out (depending on browser and JavaScript implementations).

The address
https://www.example.com/uas/refresh/symbol.png

  • returns the contents of resources/images/success.png if a session exists
  • returns the contents of resources/images/failure.png if a session does not exist

If the Ubisecure SSO returns an error, the onerror event sets the image to a locally stored image, failure.png.

<html>
<body> 


<p>
This image <img src="https://www.example.com/uas/refresh/symbol.png" onerror="this.onerror=null;this.src='failure.png';" />
will be green if the user has a valid SSO session, or red if not. A local image is shown if for some reason the UAS server returns an error.
</p> 

</body>
</html>
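
The following is an added example, not part of the original page or of Ubisecure's code: it wraps the image probe from Example 2 in a reusable function and handles the timeout case mentioned in Example 3 explicitly, so a non-responsive SSO is reported as "unknown" rather than left waiting. The function name checkSsoSession, its option names and the 5000 ms default are assumptions made for illustration.

```javascript
// Added example, not Ubisecure code. checkSsoSession and its option names are
// hypothetical; the URL is the status.gif address from Example 2.
var STATUS_URL = "https://www.example.com/uas/refresh/status.gif";

// Calls onResult exactly once with:
//   "active"   - the image loaded, so a session exists
//   "inactive" - onerror fired: the 404 described above, or any other failed load
//   "unknown"  - nothing came back within timeoutMs (assumed default: 5000)
function checkSsoSession(url, onResult, options) {
  options = options || {};
  var createImage = options.createImage || function () { return new Image(); };
  var startTimer = options.setTimeout || function (fn, ms) { return setTimeout(fn, ms); };
  var stopTimer = options.clearTimeout || function (id) { clearTimeout(id); };
  var timeoutMs = options.timeoutMs || 5000;
  var done = false;
  var timer = null;
  var img = createImage();

  function finish(state) {
    if (done) { return; }              // ignore late or duplicate events
    done = true;
    if (timer !== null) { stopTimer(timer); }
    img.onload = img.onerror = null;   // drop handlers once a result is known
    onResult(state);
  }

  img.onload = function () { finish("active"); };
  img.onerror = function () { finish("inactive"); };
  timer = startTimer(function () { finish("unknown"); }, timeoutMs);
  img.src = url;                       // starts the request; handlers are already attached
}

// Browser usage, writing into the <span id="img"> element from Example 2.
if (typeof document !== "undefined") {
  checkSsoSession(STATUS_URL, function (state) {
    // textContent is enough here: the value is plain text, not markup
    document.getElementById("img").textContent = state;
  });
}
```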