[thelist] Ajax requests after session timeout

Matt Warden mwarden at gmail.com
Fri Sep 24 14:37:25 CDT 2010

On Fri, Sep 24, 2010 at 2:14 PM, Hassan Schroeder
<hassan.schroeder at gmail.com> wrote:
>> What HTTP status code do you return?
> 401 would seem most appropriate.


>> And what kind of approach do you use client side?  Display a message or just
>> redirect the browser to login page?
> The last time I had to implement this I raised a lightbox-style login pane
> above the page where the request was issued. Once the authentication
> took place, the user was still on the same page so it was easy to replay
> (continue) the desired action seamlessly. More or less. PITA if the user
> doesn't successfully authenticate, but ... :-)

Google mail redirects. I think it really depends on the application
and whether the potential to lose work is a big problem, and perhaps
more importantly if it's even possible to save the work once the
session has expired.

I'd say redirect to login unless there is a compelling usability
reason to do something more complicated.

Matt Warden
Austin, TX, USA

This email proudly and graciously contributes to entropy.

More information about the thelist mailing list