[Fixed]-What's the best way to handle session timeouts in ajax requests?



I would handle it by having your session timeout method check whether or not it is being requested with AJAX. If it is ajax, return a 401 not authorized(or 403 forbidden or whatever status makes sense) status code with an empty json string. Next, in your javascript, bind a global ajaxError handler that checks for that status code and handles it appropriately.

πŸ‘€Kevin B


You could use something like http://amplifyjs.com/ that lets you write a nice wrapper for your AJAX calls and then use its data mapping feature to check if the user is still logged in before doing the AJAX call.

This way you can have a client-side timer that sets the user to logged-out status and provides a hint so the login check doesn’t need to be done before every AJAX call.

Alternatively you can use a custom decoder which asks the user to log in and retries the AJAX call if the user was logged out. It would need to store all the xhr data and callbacks it gets called with until the user logs in.


Leave a comment