[thelist] Ajax requests after session timeout

Hassan Schroeder hassan.schroeder at gmail.com
Fri Sep 24 14:14:10 CDT 2010

On Fri, Sep 24, 2010 at 11:15 AM, Bill Moseley <moseley at hank.org> wrote:
> For a normal web app if a request comes in and the session doesn't exist (or
> is expired) I redirect to the login page.
> I'm wondering what the correct approach should be if the request is an ajax
> request.

> So, I'm curious what others do when you detect an ajax request and the
> session is expired/missing.
> What HTTP status code do you return?

401 would seem most appropriate.

> And what kind of approach do you use client side?  Display a message or just
> redirect the browser to login page?

The last time I had to implement this I raised a lightbox-style login pane
above the page where the request was issued. Once the authentication
took place, the user was still on the same page so it was easy to replay
(continue) the desired action seamlessly. More or less. PITA if the user
doesn't successfully authenticate, but ... :-)

Hassan Schroeder ------------------------ hassan.schroeder at gmail.com
twitter: @hassan

More information about the thelist mailing list