I have a back-end server written in ASP.NET MVC using Forms Authentication. When the user is not authenticated, the server will automatically send a 302 redirect to a Login action and return a Login page.
On the client side, I have a list of items. This list is only accessible to authenticated users. On the page, I have a button to Refresh the list using Ajax ($.ajax function of jQuery).
Now, my problem is when the authentication ticket has timed out and the user clicks on the Refresh button:
What I want is that when the authentication ticket has timed out and the user clicks on the Refresh button, I should be able to detect that and display a message asking the user to log in.
I tried to work around this by adding a custom header (IS_LOGIN) in the Login action and checking that in my Ajax response. But it is not a good solution.
So my questions are:
Thanks for any replies.
How to fix it? You should only use 302 redirects where the redirection is temporary and content will come back to the original URL soon. Check the reported URLs. Where the redirection is permanent, change the redirection to 301 (Moved Permanently).
If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
A 302 redirect does not pass the “juice,” or keep your domain authority to its new location. It simply redirects the user to the new location for you so they don't view a broken link, a 404 not found page, or an error page.
Add a middleware to process the response: if it is a redirect for an Ajax request, change the response to a normal response with the redirect URL. Then in ajaxComplete, if the response contains redirect, it must be a redirect, so change the browser's location.
You shouldn't redirect the call when it's an XHR but respond with a 401 Unauthorized and handle this in your callbacks. I don't know ASP.NET but I did something similar with Spring Security.
Here's the concept:
X-Requested-With: XMLHttpRequest
401 Unauthorized
The bottom line is that XHR calls need to be handled differently than other HTTP requests in some cases. You should only redirect an XHR if the same resource is at another location.
You can't handle redirects with XHR callbacks because the browser takes care of them automatically. You will only get back what is at the redirected location.
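The contract the answers above describe, as an added example that is not code from the original posters: the server answers an unauthenticated XHR with 401 instead of 302, and the client callback prompts for login, accepting a login URL from the response only if it stays on the page's own origin. It is written as plain JavaScript functions rather than ASP.NET code; `LOGIN_PATH`, the JSON body shape and all function names are assumptions.

```javascript
// Added example. LOGIN_PATH, the body shape and all function names are assumptions.
const LOGIN_PATH = '/Account/Login';

// jQuery adds this header to same-origin $.ajax calls. It is client-controlled,
// so use it only to pick the response shape, never to decide access.
// `headers` is expected with lower-cased keys.
function isAjax(headers) {
  return String(headers['x-requested-with'] || '').toLowerCase() === 'xmlhttprequest';
}

// Server side: how to answer a request whose ticket is missing or expired.
function challenge(req) {
  if (req.authenticated) return null; // valid ticket: run the action
  if (isAjax(req.headers)) {
    return {
      status: 401,
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ loginUrl: LOGIN_PATH }),
    };
  }
  return { status: 302, headers: { Location: LOGIN_PATH }, body: '' };
}

// Client side: accept a login URL from a response only if it stays on our origin.
function sameOriginPath(candidate, origin) {
  if (typeof candidate !== 'string') return null;
  try {
    const u = new URL(candidate, origin);
    return u.origin === origin ? u.pathname + u.search : null;
  } catch (e) {
    return null;
  }
}

// Client side: what the ajaxComplete / error callback should do with a response.
function onAjaxComplete(status, bodyText, origin) {
  if (status !== 401) return { action: 'render' };
  let loginUrl = null;
  try {
    loginUrl = sameOriginPath(JSON.parse(bodyText).loginUrl, origin);
  } catch (e) { /* body was not JSON: fall back to the known login path */ }
  return { action: 'prompt-login', loginUrl: loginUrl || LOGIN_PATH };
}
```
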