Today | RSS | RDF | Atom | Other
 
Advanced Search
Gregg's Weblog
Java Notes From My Desktop

Tags - Categories : All | Articles | Book Reviews | CSS | Java | Javaranch | Javascript | News | Opengl | Opinions | Personal | php
July 2007
SunMonTueWedThuFriSat
 1  2  3  4  5  6  7 
 8  9  10  11  12  13  14 
 15  16  17  18  19  20  21 
 22  23  24  25  26  27  28 
 29  30  31     
Jun  |  Today  |  Aug



Check me out!
LinkedIn

Recent Blog Entries

Recent Responses
chunsongxiaxian


Re: Scriptaculous Sortable With Linked Containers

<< Flex 2.0 Presentation at the KCJUG | Home | No More Posts Here >>
Permalink
[Opinions] [Java] [Javascript] [Javaranch] Session Timeout and AJAX

I doubt what I am about to write is new. In fact, I drudged up bits and pieces all over the internet from searches and kind of combined a few approaches into my own. So if you are reading this and you say to yourself "Hey, I came up with that" then I thank you. But hopefully someone can gain from this anyway.

One of the few things I despise about AJAX is handling session timeouts. Nothing about it is very graceful and my solution doesn't improve on that. However, it is simple and easy. Basically, the problem is that when a web applications session times out we typically want to redirect the user to the login page. I do this in Stripes using an Interceptor but you can think of that as a Filter or what have you. Basically, something on the server side is checking to see if the session has timed out and redirecting the request appropriately. Something kind of like this 

if ( user == null && servletPath.startsWith("/admin"))
{
    executionContext.getActionBeanContext().getMessages().add( new LocalizableMessage( "/AdminLogin.action.notLoggedIn" ) );
    return new ForwardResolution( AdminLoginActionBean.class );
}

if ( user == null && servletPath.startsWith("/advisor"))
{
    executionContext.getActionBeanContext().getMessages().add( new LocalizableMessage( "/AdvisorLogin.action.notLoggedIn" ) );
    return new ForwardResolution( AdvisorLoginActionBean.class );
}

In order to get AJAX requests to change the browser location you have to rely on JavaScript, sad to say. What I do is I add 'ajax=' as a parameter to all my AJAX requests. In my Interceptor/Filter I look for this parameter. If I find it and the session has timed out, I change the HttpServletResponse.status to 403 

if (map.containsKey("ajax"))
{
	ajax = true;
	if (session.isNew())
	{
		logger.debug("###########: SESSION IS NEW");
                executionContext.getActionBeanContext().getResponse().setStatus(403);
		return executionContext.proceed();
	}
}

Using Prototype I set an on403 for all my AJAX requests and call a simple function called sessionTimeout() which does this:

window.location = window.location

What that does is refreshes the page so that the first bit of code I showed above takes over and you actually get to the correct login page.

The only problem with this approach is that if you are doing Ajax.Updater you'll get the login page in whatever DIV element you've specified before the page redirects from the sessionTimeout function. Aside from that it works great.

Tags : , ,
TrackBacks[0] Comments[9] Posted by gthought on July 19, 2007 3:26:12 PM CDT

Reply | Permalink Re: Session Timeout and AJAX
Gregg, This is actually very good stuff, I was not sure how to deal with this. Yes it isn't pretty but it works fine. Our filter builds an encoded targetUrl param by looping over the parameter map. (similar to the bugzooky example) but when they login again the request params are restored like nothing happened. I no longer use Ajax.Updater but use these wrapper functions var KEY_LET_AJAX_PASS_THROUGH = "letAjaxPassThrough"; function ajaxUpdater(requestUrl, request, container) { existingOnSuccess = request.onSuccess; request.onSuccess = function transport(response) { $(container).innerHTML = response.responseText; if (existingOnSuccess != null) { existingOnSuccess(response); } }; ajaxRequest(requestUrl, request); } function ajaxRequest(requestUrl, request) { request.postBody = request.postBody + '&' + KEY_LET_AJAX_PASS_THROUGH + '='; existingOn403 = request.on403; request.on403 = function transport(response) { window.location = window.location; if (existingOn403 != null) { existingOn403(response); } }; new Ajax.Request(requestUrl, request); } works great! We finally handle session timeouts correctly, always redirect to login page, and after login proceed back where they wanted to go like nothing happened.
Comment from John on August 1, 2007 2:46:15 PM CDT
Reply | Permalink Re: Session Timeout and AJAX
I know this is an old post but not much information out there about it...
The only problem with this approach is that if you are doing Ajax.Updater you'll get the login page in whatever DIV element you've specified before the page redirects from the sessionTimeout function. Aside from that it works great.
If you examine the request header you can determine what type of request it is, i.e AJAX or Otherwise... in PHP this is: 
isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'
If AJAX then respond with a header 403 only in which case not content is sent back to render and the on403 handler can do what it does without having the contents of the login page rendered into the div, works for Ajax.Updater as well.
Comment from Paul from Edinburgh on May 20, 2010 7:15:24 AM CDT
Reply | Permalink Re: Session Timeout and AJAX
This is a good example. Its easy to learn something about it.. Thanks a lot..!
Comment from wordpress developer on July 5, 2010 7:42:04 AM CDT
Reply | Permalink Re: Session Timeout and AJAX
Great post. A thought, depending upon application you could implement a login popup box which performs login via an AJAX request and then automatically resubmit the 403'ed AJAX request.
Comment from Lea Hayes on January 30, 2011 9:58:19 AM CST
Reply | Permalink Re: Session Timeout and AJAX
I stumbled across your post today while trying to find out how to solve the AJAX session issue. The project I'm working on uses PHP, Zend Framework and jQuery and I've set it up as follows:
  • In my PHP Controller when I detect an expired session I send a HTTP response code of 401
  • jQuery's $.ajax({}) has a super awesome statusCode method that can be called when a certain HTTP response code is encountered. Using the $.ajaxSetup({}) to set a global default of:
  • $.ajaxSetup({
  statusCode: {
    401: function() {
	// Anything you like here, even window.location.href = "/errors/sessionexpired/"
	alert('Your session has expired');
    }  
  }
});

Now whenever I get a 401 response I redirect the user to a page explaining that they need to login again.

What's really nice about this method is that it required very few changes. Once in the controller to set the HTTP response code and then a few lines of JavaScript to setup the defaults which all future AJAX requests would make use of.

Comment from Alistair Phillips on September 14, 2011 12:43:12 AM CDT
Reply | Permalink http://www.uggbootssale-au.net/
Nice classic short boots with the able adroitness and abundant affection are account of your purchasing. These ugg boots sale are able-bodied fabricated with the artistic design. With the heel bouncer apparent with a characterization, these ugg boots do attending actual timeless. The shoelaces are advanced and the eyelets are big. Thus, these Kids Ugg Boots attending altered from the accustomed winter boots in the appearance market. Featuring the lining abounding with sheepskin, the ugg boots can wick damp abroad for your feet. You can get pleasure the absolute warmth, abundance and benevolence of these absolute thigh-high style boots. It adds abundant absorption to the Appearance Sheepskin ugg boots. http://www.uggbootssale-au.net/
Comment from ugg boots sale uk on November 12, 2011 12:59:32 AM CST
Reply | Permalink Coast Dress
thanks for sharing.
Comment from Coast Dress on January 18, 2012 10:50:58 PM CST
Reply | Permalink Re: Session Timeout and AJAX
OLYMPIA è pratico ed elegante, perché è la forma del corpo di progettazione ai sensi e opere classiche. CITYRUSH è realizzata con materiali impermeabili, così la gente può indossare qualunque cosa che sia. Contorno pulito e ordinato e il design semplice e moderno può aiutare le persone a mettere in evidenza la loro immagine esperto e maturo. Ciò di cui abbiamo accennato sopra è solo la punta dell'iceberg di vantaggi di Hogan. In una parola, Hogan fa funzionare, estetica, lusso e divertimento per uno.
Comment from Hogan on April 19, 2012 3:26:07 AM CDT
Reply | Permalink Re: Session Timeout and AJAX
Lo sapevi esattamente che cosa una pagina di domanda può essere? Se lo fai, ti capita di essere di una razza eccezionale, una copia scrittore. La maggior parte delle persone mai. Mi sono imbattuto su questa specifica, mentre ho fatto "Letters Domanda immediata" pacchetto software. "Che c'è una nuova pagina queer? Pollici che informarsi.
Comment from Hogan on April 19, 2012 4:09:57 AM CDT


Add a comment

Title
Body
HTML : b, i, blockquote, br, p, pre, a href="", ul, ol, li
Math Quiz 2 + 9 = (Helps stop blog spam)
Name
E-mail address
Website
Remember me Yes  No 

E-mail addresses are not publicly displayed, so please only leave your e-mail address if you would like to be notified when new comments are added to this blog entry (you can opt-out later).

TrackBack to http://radio.javaranch.com/gthought/addTrackBack.action?entry=1184876772552

Powered by Pebble 1.9.1 [ Login ] Content © Gregg Bolinger