I'm developing an ASP.NET MVC app and I'm wondering which is the best way to handle an expired .NET Forms authentication cookie detected during an AJAX call.

Do you think that packing the ajax response into a JsonResult containing info about the cookie validity is the best solution?

+1  A: 

My preferred approach is to pop up a message to say that the session has expired, then redirect to a login page which will revert back to the current page after login.

Vinay Sajip
That's the easiest / safest approach ime as well.
Paul
A: 

Not sure which AJAX framework you are using, but most (including ASP.NET AJAX) handle server exceptions by letting you specify an onError function.

Namespace.Object.Method( var1, var2, onSuccess, onError ) { .. } etc..

If you let ASP.NET manage sessions, and as long as the page in question is enabled for authenticated users only, the framework will throw an invalid session exception when it has expired (I forget which exactly).

Inside onError you can check for the exception type and redirect to the login page. In fact, all you have to do is reload the current page and .NET will redirect it to the login page for you. document.location.href = document.location.href; (this will reload the current page, ignoring submitted form data if any)

Sonic Soul
A: 

One could get real fancy with this. If AJAX on onError is invalid session, pop open a modal popup (lightbox form) with your login view wrapped inside. Allow the user to log in from the modal, then they do not lose any form data and were not redirected all over your site. Most likely, they will need to attempt to repost their data however. Might take some doing, but in the end, I think it is more seamless for the end user.

PS - I am thinking Digg.com type login interface. Click add comment, you get the modal popup.

Tommy
If you do this method, make sure that the request is going across an HTTPS connection, like you should for all logins. If your main page is not HTTPS, then you'll have to work around the same-origin policy in JS.
Paul
I agree with the HTTPS, but using Lightbox, I don't think you have to worry about same-origin. You are calling an actual web page to open in what amounts to an IFrame, fill out the form, posting the form, .NET sets the cookie. There are no JS calls going between the two pages, that's why you would have to resubmit the form once the cookie is set from the IFramed login page. Now if you want to work the same-origin, then you could have the form automatically submitted after a successful login.
Tommy
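
The client-side check the answers above describe, as an added example that is not part of any answer on this page: it decides whether an AJAX response means the forms-auth cookie expired and builds a login URL whose return target is restricted to a same-origin path. The login route `/Account/Login`, the `app.example` origin and the "JSON expected" contract are assumptions; `ReturnUrl` is the query parameter Forms authentication uses.

```javascript
// Assumed login route; adjust to the application's own.
const LOGIN_PATH = "/Account/Login";

// res: { status, contentType, finalUrl } copied from the XHR/fetch response
// (finalUrl is xhr.responseURL or response.url after redirects were followed).
function isSessionExpired(res, origin) {
  if (res.status === 401) return true; // server signalled it explicitly
  // A 302 to the login page is followed silently by the browser, so the
  // caller sees 200 + HTML served from the login URL instead of JSON.
  const path = new URL(res.finalUrl, origin).pathname.toLowerCase();
  if (path.startsWith(LOGIN_PATH.toLowerCase())) return true;
  const type = (res.contentType || "").toLowerCase();
  return res.status === 200 && type.startsWith("text/html");
}

// Build the login URL. Only a same-origin path is accepted as the return
// target; anything else falls back to "/" so the post-login redirect
// cannot be pointed at another site.
function buildLoginUrl(currentHref, origin) {
  let returnPath = "/";
  try {
    const u = new URL(currentHref, origin);
    const candidate = u.pathname + u.search;
    // "//host/..." would be read as a protocol-relative URL by a browser.
    if (u.origin === origin && !candidate.startsWith("//")) {
      returnPath = candidate;
    }
  } catch (_) {
    // Malformed URL: keep the "/" fallback.
  }
  return LOGIN_PATH + "?ReturnUrl=" + encodeURIComponent(returnPath);
}

// Turn a response into an action for the page's onError/onSuccess handler.
function decide(res, currentHref, origin) {
  return isSessionExpired(res, origin)
    ? { action: "login", url: buildLoginUrl(currentHref, origin) }
    : { action: "continue" };
}
```

The server-side login action should still validate `ReturnUrl` as a local URL itself, since the query string is under the client's control.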