[thelist] Ajax requests after session timeout

Matt Warden mwarden at gmail.com
Fri Sep 24 14:37:25 CDT 2010


On Fri, Sep 24, 2010 at 2:14 PM, Hassan Schroeder
<hassan.schroeder at gmail.com> wrote:
>> What HTTP status code do you return?
>
> 401 would seem most appropriate.

+1

>> And what kind of approach do you use client side?  Display a message or just
>> redirect the browser to login page?
>
> The last time I had to implement this I raised a lightbox-style login pane
> above the page where the request was issued. Once the authentication
> took place, the user was still on the same page so it was easy to replay
> (continue) the desired action seamlessly. More or less. PITA if the user
> doesn't successfully authenticate, but ... :-)

Google mail redirects. I think it really depends on the application
and whether the potential to lose work is a big problem, and perhaps
more importantly if it's even possible to save the work once the
session has expired.

I'd say redirect to login unless there is a compelling usability
reason to do something more complicated.

-- 
Matt Warden
Austin, TX, USA
http://mattwarden.com


This email proudly and graciously contributes to entropy.


More information about the thelist mailing list