Web Connection
Handling session timeout on an AJAX request
  Carl Chambers
  All
  Feb 2, 2018 @ 01:36pm

When making an AJAX request, I'm trying to figure out how to trap for a session timeout, enable the user to authenticate and then immediately retry the request without navigating away from or reloading the page (which would cause form data to be lost). Here's what I've thought of so far.

  1. Return a timeout error in the JSON response.
  2. In the browser, pop up a modal with an authentication form.
  3. Submit credentials from the modal form.
  4. If the response is OK, retry the AJAX request.

Any input would be greatly appreciated.
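
The four steps listed in the post above, as an added example that is not code from this thread: a request wrapper that detects an expired session, prompts for re-authentication once even when several requests fail together, and replays each request a single time. The 401 status with a `session_expired` body and the names `createSessionAwareClient`, `send` and `reauthenticate` are assumptions for illustration.

```javascript
// Added example. Assumptions: the server marks an expired session with
// HTTP 401 and {"error":"session_expired"}; `send` performs the request and
// `reauthenticate` shows the modal, resolving true once the login succeeded.
function createSessionAwareClient(send, reauthenticate) {
  let pendingLogin = null; // shared so concurrent failures open one modal
  const isExpired = (res) => res.status === 401 && res.body?.error === "session_expired";

  function loginOnce() {
    if (!pendingLogin) {
      pendingLogin = Promise.resolve()
        .then(reauthenticate)
        .finally(() => { pendingLogin = null; });
    }
    return pendingLogin;
  }

  return async function request(req) {
    const first = await send(req);
    if (!isExpired(first)) return first;
    if (!(await loginOnce())) throw new Error("re-authentication cancelled");
    // Replay exactly once; the credentials are never kept by this wrapper.
    const second = await send(req);
    if (isExpired(second)) throw new Error("session still expired after login");
    return second;
  };
}

// Constructed stand-ins for the server and the modal so this runs offline.
function makeFakeBackend(loginSucceeds) {
  const state = { loggedIn: false, prompts: 0, calls: 0 };
  const send = async (req) => {
    state.calls++;
    if (!state.loggedIn) return { status: 401, body: { error: "session_expired" } };
    return { status: 200, body: { saved: req.data } };
  };
  const reauthenticate = async () => {
    state.prompts++;
    return (state.loggedIn = loginSucceeds);
  };
  return { state, send, reauthenticate };
}

async function demo(loginSucceeds) {
  const { state, send, reauthenticate } = makeFakeBackend(loginSucceeds);
  const request = createSessionAwareClient(send, reauthenticate);
  const jobs = ["a", "b"].map((data) => request({ url: "/save", data }));
  const results = await Promise.allSettled(jobs);
  return { results, prompts: state.prompts, calls: state.calls };
}
```

In a page, `send` would wrap the existing AJAX call and `reauthenticate` would resolve when the modal's login request succeeds, so nothing on the page is reloaded.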

re: Handling session timeout on an AJAX request
  Rick Strahl
  Carl Chambers
  Feb 2, 2018 @ 11:21pm

If you're making an AJAX request this should be easy. Make the AJAX call and the HTTP request and when it returns as timed out return a special error code that makes the client retry.

However, if you're timing out most likely there's a problem that won't be fixed by retrying. Either bump the timeout you're using up (on the XHR request?) or figure out why requests are timing out. Timeout retries usually just hide problems that will eventually bite you when the retries also fail.

+++ Rick ---

re: Handling session timeout on an AJAX request
  Carl Chambers
  Rick Strahl
  Feb 3, 2018 @ 09:39am

Hi Rick,

I'm not talking about a request timing out as in taking too long. I'm talking about a timed-out (i.e. expired) session where the user needs to authenticate again to continue.
I'm trying to find a way to do this without loading the login page and losing any form data. I'd like to have the client know that the session has expired, pop open a modal for the user to enter their password, authenticate the password and immediately retry the AJAX request.

re: Handling session timeout on an AJAX request
  Rick Strahl
  Carl Chambers
  Feb 3, 2018 @ 03:29pm

Ok, but same deal really, but I don't think there's a good way to preserve form data in this scenario. Nor do I think you should actually maintain that data for security reasons. You can of course always write that data into storage somewhere (localstorage or send to server with an AJAX request), then retrieve the data, but that gets mighty complicated if you have many forms that you can go back to as each form requires logic to push the data back into it.

I would just try to ensure that users don't get logged out easily by refreshing and checking the authentication frequently.

+++ Rick ---

re: Handling session timeout on an AJAX request
  Carl Chambers
  Rick Strahl
  Feb 5, 2018 @ 01:42pm

Hi Rick,

I probably should have explained myself better.
When I said I wanted to preserve the form data, a better way to put it would have been to leave everything on the page exactly as is - form data, object selections, javascript variables - everything (except variables used in the trapping).

I wanted to trap for a session timeout, enable the user to re-authenticate and then carry on as if there had not been a session timeout in the first place.

Anyway, it took some messing around but I have it working now.
Now I just need to do a little more testing and to learn more about AngularJS to figure out how to make my new code blocks reusable in all my JS files that need this functionality.

If anyone is interested, I can post the code. Maybe someone can point out something I've overlooked (say, from a security standpoint) or may have a better idea.

re: Handling session timeout on an AJAX request
  Peter
  Carl Chambers
  Mar 23, 2018 @ 05:56am

I have a similar problem... I would be very interested in how you solved it!

re: Handling session timeout on an AJAX request
  Harvey Mushman
  Carl Chambers
  Mar 24, 2018 @ 07:25am

Assuming you are using AngularJS, take a look at $Resource and $cacheFactory...

Although these built-in directives can provide some of the behavior you are looking for, they are not the only way to do what you desire. If I understand you correctly, you are trying to maintain "state" on the client.

As Rick pointed out there are security issues with doing this but assuming you have considered them, I think you need to figure out how you want to save the state. Basically, everything must be cached somewhere that will be available once the user updates a valid session.

One thought would be on the client as the session is timing out to write the cache back to the session on the server. Then when the session is validated again push the cache back out to the client.

If you also need to keep track of $Route (say they close their browser) this is going to be more complicated...
