Inspired? No home

Handling session logout in Ajax-applications

Ajaxian posts about how to manage session in an ajax-enabled application. We do a ping to the server each minute to keep session alive (and to check various stuff). If that for some reason fails so the user no longer has a session, we handle session logout like this (prototype example):

#1:

if a user is not logged in the requested page (/getSomeData/) returns a http 403 - forbidden status.

#2:

var url = "/getSomeData/";
var opt = {
method: "post",
onSuccess: success,
// Handle 404
on404: function(t) {
alert(’Error 404: location "‘ + t.statusText + ‘" was not found.’);
},
// Handle other errors
onFailure: function(t) {
if ( t.status == 403 ) {
doLogin(); // show login box to user
}
},
asynchronous: false
}

new Ajax.Request(url, opt);

(code not tested..just example :)

If you do not want to ping every minute, we do so mainly because of other reason than to keep session alive, then Jack Slocum’s advice (outlined in the comments here) is a good solution. It basically does a cookie check every 30 seconds on the client and pings the server just before the session is about to be end.

Written on 09 October 2007.
blog comments powered by Disqus