
Cannot handle 302 redirect in ajax and why? [duplicate]

I have a back-end server written in ASP.NET MVC using Forms Authentication. When the user is not authenticated, the server will automatically send a 302 redirect to a Login action and return a Login page.

On the client side, I have a list of items. This list is only accessible to authenticated users. On the page, I have a button to Refresh the list using Ajax (the $.ajax function of jQuery).

Now, my problem is when the authentication ticket has timed out and the user clicks on the Refresh button:

  • My function sends an ajax request to get the refreshed list
  • The server detects that the authentication ticket is not valid and issues a 302 redirect.
  • The browser automatically handles that 302 response and forces my ajax function to send another ajax request to the Login action and the final result is an HTML with status 200. My script is confused because the list is also an HTML with status 200.

What I want is that when the authentication ticket has timed out and the user clicks on the Refresh button, I should be able to detect that and display a message asking the user to log in.

I tried to work around this by adding a custom header (IS_LOGIN) in the Login action and checking that in my ajax response. But it is not a good solution.

So my questions are:

  • What is the best way to deal with this problem?
  • Why does the browser not let our script handle the 302 response, and instead automatically force our ajax to create another request? Is this a problem with the browser or the jQuery library? Any reasons for this (security, ...)?

Thanks for any replies.

Khanh TO asked Apr 14 '13 07:04




1 Answer

You shouldn't redirect the call when it's an XHR but respond with a 401 Unauthorized and handle this in your callbacks. I don't know ASP.NET but I did something similar with Spring Security.

Here's the concept:

  • Get the authenticated state
  • Check the headers for X-Requested-With: XMLHttpRequest
  • When found and not authenticated respond with 401 Unauthorized
  • When not found and not authenticated redirect.

The bottom line is that XHR calls need to be handled differently than other HTTP requests in some cases. You should only redirect an XHR if the same resource is at another location.

To answer your question

You can't handle redirects with XHR callbacks because the browser takes care of them automatically. You will only get back what is at the redirected location.

Bart answered Sep 18 '22 11:09
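
The four-step concept from the answer, as an added example (not code from the question or the answer): a framework-neutral JavaScript sketch of the server-side decision and the client callback. `authGate`, `handleListResponse`, the request shape and `LOGIN_URL` are assumptions made for illustration.

```javascript
// Added example; authGate, handleListResponse and LOGIN_URL are hypothetical names.
const LOGIN_URL = '/Account/Login'; // assumed login route

// HTTP header names are case-insensitive, so normalise before lookup.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const key of Object.keys(headers || {})) {
    if (key.toLowerCase() === wanted) return String(headers[key]);
  }
  return undefined;
}

// X-Requested-With is set by the client (jQuery adds it to same-origin
// $.ajax calls). It only selects the *form* of the refusal; it never
// decides whether the request is authenticated.
function isXhr(headers) {
  const value = getHeader(headers, 'X-Requested-With');
  return value !== undefined && value.trim().toLowerCase() === 'xmlhttprequest';
}

// Server side: returns null when the request may proceed, otherwise the
// response to send instead of the protected resource.
function authGate(req) {
  if (req.authenticated) return null;
  if (isXhr(req.headers)) {
    return { status: 401, headers: { 'Cache-Control': 'no-store' } };
  }
  return { status: 302, headers: { Location: LOGIN_URL } };
}

// Client side: the Ajax callback branches on the status code, so an expired
// ticket can no longer be mistaken for the list HTML.
function handleListResponse(status, body) {
  if (status === 401) return { action: 'prompt-login', html: null };
  if (status >= 200 && status < 300) return { action: 'render-list', html: body };
  return { action: 'show-error', html: null };
}

// Constructed sample requests covering the four rows of the decision table.
const samples = [
  { authenticated: false, headers: { 'x-requested-with': 'XMLHttpRequest' } },
  { authenticated: false, headers: {} },
  { authenticated: true, headers: { 'X-Requested-With': 'XMLHttpRequest' } },
  { authenticated: true, headers: {} },
];
for (const req of samples) {
  const refusal = authGate(req);
  console.log(req.authenticated, isXhr(req.headers), refusal ? refusal.status : 'proceed');
}
```

A client that does not send `X-Requested-With` (for example `fetch`, or jQuery on a cross-domain request) falls through to the redirect branch, so set the header explicitly there. In ASP.NET, Forms Authentication itself turns a 401 into the login redirect unless `Response.SuppressFormsAuthenticationRedirect` (.NET 4.5 and later) is set.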