Firing off some url requests (GET) after page load
After a user logs off from our web-site we need to fire off some HTTP requests to 2-3 other external urls (we don't need a response from these btw).
T开发者_运维百科he url request must be performed on the client as the requests will cause a log-off to be performed on these external sites on the users current session.
The only way I thought that this could be achieved would be to render some invisible iframes and set the url to each of them so that when the page loads the requests will be executed.
Is there another way this could be achieved? The above solution seems a bit hacky.
EDIT: I cannot use JS for this as we need to conform to standards.
In order to do this purely server side the server would need to be able to identify itself as the user to the external sites. The user will usually be identified by a cookie when accessing the external site which means that the server would need this cookie to be able to correctly identify itself.
Unfortunately (for you, fortunately for web security the world over) a site is not able to get hold of the data from cookies for other sites. And so isn't able to identify itself in this way.
Sites can incorporate other ways of identifying accesses. An example might be the cookieless sessions in ASP.NET which uses a unique key in the url (I believe) or if some kind of trust has been set up between servers you can do authentication via secure trusted communication. However, these may well still not be sufficient to log a user out. eg in the latter case the server might be able to identify as a given user to an external site but that external site would still need to have implemented code to log off all sessions since the server connection would be in a different session to the user connection.
This leave us with having to do things on the client. Javascript is the logical solution to this. You would need to have a javascript function linked to your "logout" button and use that function to send the requests to the external servers before actually hitting your ASP.NET page to log out of your site. You could do this by either opening new windows with the external site logout page (has the advantage that your user will know they are logged out of these other sites) or do the requests directly through the javascript.
This question shoudl help you with firing off the javscript requests: HTTP GET request in JavaScript?
If as in this case javascript is not allowed then another method must be used to make the calls to the remote server. There are a few options available for this which include your suggestion of iframes which have the advantage they could be displayed if wanted (eg the user wants visual confirmation of the logout) but might be a little more than you need (since you don't need to load up all the HTML into a dom, etc). Another option would be to (ab)use an image tag. Put the logout url as the image source and it will go off and get it. What comes back won't be a valid image so you'll just get a broken image tag. This can of course be hidden by a variety of means.
There may be other tags I've not thought of that will work for this (thoughts include a tag though that may work but may well not and probably other tags I've not thought of). You'll have to experiment if you want others.
Personally I'd probably stick with the iframes but have them visible on your logout screen (possibly with javascript that hides them and displays a button to show them).
Why don't you send those requests from the server just before signing out? There you have all the necessary context information from the client (like authentication cookies, etc...) which could be delegated to the remote sites when performing the request. If you don't care about the response you could fire those requests in separate threads to avoid blocking the client.
Check this question: How to send http request in asp.net without waiting for a response and without tying up resources
精彩评论