Redirect Session
Description
The Redirect Session part allows you to have your application redirect your users from the current page to a location you specify in the part.
Node Type: This part is located in the Misc menu of the Process node.
Used With: This part can be used with all frameworks as well as with applications built without a framework.
Editor Fields
Field Name | Description/Use | Type/Options | Optional/Mandatory |
Mode | Session: Choose this option for redirecting to another existing package. URL: This option redirects the user to the configured URL. Back: This option redirects the user to the start of the application. This can be useful if, for example, the user stepped through a logicnet and wants to start from the beginning. |
Options | Mandatory |
Package | This is only required when Mode = Session. Specify the name of the published package to which to redirect the user. The name of the package must be the name you gave to the published project. |
Text | Data Object | Mandatory |
Session-id | This is only required when Mode = Session. Specify the id of the session. The session must already exist in order to redirect to it. You can find the session id in the URL; for example, the bold text in the following URL is the session id: http://application.logicnets.com/[company name]/users/KnowledgeCenter/logicnets.lns?_session=7644057772309D796F3A4AB522781C4E. |
Text | Mandatory |
URL | This is only required when Mode = URL. Specify the location of the website to which to redirect the user; for example: www.logicnets.com. See the Whitelisting section below for more information on this. |
Text | Mandatory |
Output dataobject | Specify the name of the data object in which to store the output. | Text | Optional |
Additional query parameters | By clicking the add button at the end of the table row, you can set the name and the value of the query parameter. For example, when you log on to the LogicNets system, the URL is something like http://application.logicnets.com/[company name]/logicnets.lns?verb=start&code=logon. In the example above, verb and code are examples of the name of the query and start and logon are examples of the value. |
Table | Optional |
Whitelisting
When you redirect to a URL that has a different host name than your application, you must ensure the URL is whitelisted. This keeps your application from being abused as an open redirect proxy. See https://cwe.mitre.org/data/definitions/601.html for more information.
You can whitelist an external URL through the System Configuration module, where there are two relevant configuration items located on the Security tab:
Non-approved Redirect-uris Mode
In this mode, you can select from the following options:
- "log only": When you use a URL that is not whitelisted and the user follows the redirect, the system logs the error "Illegal redirect uri specified" but continues with the redirect.
- "block" (recommended): When you use an external URL that is not approved and the user follows the redirect, the system logs an error and shows the user an error message, such as "the specified redirect_uri is not whitelisted". The system will not follow the redirect.
Approved Redirect-uris
This mode specifies that all URIs listed here are whitelisted, and the Redirect URL column can contain the following:
- A full URL: e.g. https://sub.mydomain.com/folder/page.html, only this page is whitelisted.
- A part of an URL: e.g. https://sub.mydomain.com/folder, all pages with this folders and its sub-folders are whitelisted.
- Or only a host name: e.g. https://sub.mydomain.com, all pages with this hostname are whitelisted; if the schema (in this case "https://") is omitted a https schema is assumed.
You can use wild cards in the host name; for example, to whitelist all sub-domains you can use the following URI: https://*.mydomain.com. For security reasons it is better to use full URLs as much as possible.
The description and created by fields are not mandatory and you can use them for your own information.
Example
There is no example project available for this part.