I have a back-end server written in ASP.NET MVC using Forms Authentication. When the user is not authenticated, the server will automatically send a 302 redirect to a Login action and return a Login page.
On the client side, I have a list of items. This list is only accessible to authenticated users. On the page, I have a button to Refresh the list using Ajax ($.ajax function of jQuery).
Now, my problem is when the authentication ticket has timed out and the user clicks on the Refresh button:
What I want is that when the authentication ticket has timed out and the user clicks on the Refresh button, I should be able to detect that and display a message asking the user to Login.
I tried to work around this by adding a custom header (IS_LOGIN) in the Login action and checking that in my ajax response. But it is not a good solution.
So my questions are:
Thanks for any replies.
You shouldn't redirect the call when it's an XHR but respond with a 401 Unauthorized and handle this in your callbacks. I don't know ASP.NET but I did something similar with Spring Security.
Here's the concept:
X-Requested-With: XMLHttpRequest
401 Unauthorized
The bottom line is that XHR calls need to be handled differently than other HTTP requests in some cases. You should only redirect an XHR if the same resource is at another location.
You can't handle redirects with XHR callbacks because the browser takes care of them automatically. You will only get back what is at the redirected location.
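The concept in the answer above, as an added example that is not part of the original posts: a small Node.js model of the server decision, the browser's automatic redirect following, and the Ajax callback. All function names, the `/Account/Login` route and the `/Items/List` path are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical. Node.js, no dependencies.
const LOGIN_URL = "/Account/Login"; // assumed login route

// jQuery's $.ajax sets X-Requested-With: XMLHttpRequest on same-origin calls.
// The header is client-controlled: use it only to choose the response shape,
// never to decide whether the caller is authenticated.
function isXhr(req) {
  const hit = Object.entries(req.headers || {})
    .find(([name]) => name.toLowerCase() === "x-requested-with");
  return !!hit && String(hit[1]).toLowerCase() === "xmlhttprequest";
}

// Server side: the answer for one request.
// xhrAware=false models the redirect-always behaviour from the question.
function serve(req, authenticated, xhrAware) {
  if (req.path === LOGIN_URL)
    return { status: 200, type: "text/html", body: "<form>login</form>" };
  if (authenticated)
    return { status: 200, type: "application/json", body: '["item1","item2"]' };
  if (xhrAware && isXhr(req))
    return { status: 401, type: "application/json", body: '{"error":"login_required"}' };
  return { status: 302, location: LOGIN_URL };
}

// Browser model: a 302 is followed before any callback runs, so the
// script only ever sees the final response.
function browserXhr(path, authenticated, xhrAware) {
  const headers = { "X-Requested-With": "XMLHttpRequest" };
  let res = serve({ path, headers }, authenticated, xhrAware);
  for (let hops = 0; res.status === 302 && hops < 5; hops++)
    res = serve({ path: res.location, headers }, authenticated, xhrAware);
  return res;
}

// Client callback: what the Refresh button handler should do with the result.
function onRefreshResponse(res) {
  if (res.status === 401) return "prompt-login";
  if (res.status === 200 && res.type === "application/json") return "render-list";
  return "unexpected-response"; // e.g. login page HTML delivered as a 200
}
```

With `xhrAware` off, an expired session reaches the callback as a 200 carrying the login page's HTML; with it on, the callback sees the 401 and can prompt for login, while ordinary page navigations still get the 302.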