[thelist] Ajax requests after session timeout

[Bill Moseley]

For a normal web app if a request comes in and the session doesn't exist (or
is expired) I redirect to the login page.

I'm wondering what the correct approach should be if the request is an ajax
request.

Some advocate setting a browser inactivity timeout a little shorter than the
session timeout so the browser will redirect to login after some period of
activity.  That may be fine, but doesn't solve the real issue is what
response the server should generate if a request is sent.

So, I'm curious what others do when you detect an ajax request and the
session is expired/missing.

What HTTP status code do you return?

Do you provide any details in the response body?  Again, if session is just
gone from session store there's not much to say other than "go login".

And what kind of approach do you use client side?  Display a message or just
redirect the browser to login page?


Thanks,
-- 
Bill Moseley
moseley at hank.org