Redirecting to an actual page in response to an ajax request

Question

We have a stateful app. When a user is inactive for some time, the session times out, and cached data/objects are destroyed.

We have a request filter which checks the session before the request is processed. If the session is null we return a redirect to the login page. This works fine for normal, non-XHR requests.

But how should we deal with XHR requests? As far as I understand issuing a redirect to an XHR request will simply mean that the login page html is returned in response to the XHR request, which obviously is not the desired behaviour!

How can we issue an actual page redirect in this instance? If this is not possible, what alternatives are there? I imagine many apps must have to deal with this.

Edit: I should also mention that due to the use of an app framework which handles a lot of our ajax stuff we can't easily add checks to the ajax response.

Answer 1

First, you probably need to distinguish between actual browser and Ajax requests. Some frameworks already add their custom header, if yours doesn't then you could additionally add such an 'X-Requested-With' header to be able to tell.

Then, redirect the browser requests to the login page directly. For the Ajax requests, you should issue a 401 Unauthorized.

Although you say that a framework handles most of your Ajax code, it still should offer you an opportunity to hook into when it comes to handling error status codes (otherwise I'd think about moving to another framework :).

In this callback routine, you could then issue a redirect on the Javascript/client side using window.location=....