Wednesday, September 10, 2008

Session Timeout Issue of an AJAX Driven Page

I love AJAX and I use it when it's necessary. I use Rico AJAX, dwr, and Yahoo UI Library in particular because it works. The only issue I'm having is I haven't figured out a way to detect session timeouts.

Suppose I have the following page:

  • A view users page.
  • When user clicks on an item (a user) on the list of users, the detailed information about this user is retrieved via AJAX.
  • The user detail response coming back is an XMLResponse and contents of this reponse is processed by the Rico AJAX API and rendered in the user details <div> element.
#################################
# List of Users #               #
#               # [User Detail] #
# user1         #               #
# user2         #               #
# user[n]       #               #
#################################
So what happens when the user session times out?

In a standard web application, the request would then be redirected to the login page, user authenticates, then redirected back to the original URL.

In our AJAX driven User Detail page, the XML Response coming back turns out to be an HTML response, in this case the designated login page. So, the AJAX API (Rico) or any AJAX API will fail to render the <div>. In the frames world, the contents of the User Detail section would be a login page. In our case it is blank.

I think the AJAX API's should somehow detect this and refresh the page itself. Otherwise, what's going to end up happening is that all developers using the AJAX API would end up implementing their own scheme. For instance, I would resolve this by creating a BaseAjaxController class and let that base class handle what happens when a session times out (like refresh the page) so the user would be forced to re-authenticate him/herself.

No comments: