jQuery $.post extension

Question

Hi All,

I'm trying to create a log-out timer that is governed by a user's requesting data. The issue at hand is that there are some ajax calls that are gets and some are posts. In this case I want to extend the session every time a user does a post, but not on a get (there are some background polls, etc.).

Looking around the jquery docs I saw the "beforesend" hook which sounds just about right, the problem is that I couldn't figure out how to make $.ajaxsetup be 'post' aware.

Any ideas?

Thanks Phil

Answer 1

For (much, much) better security the logout timer should be on the server side, deleting the user session x minutes after the last POST Ajax request, in your case.

You can detect the Ajax-ness of any incoming POST request by checking for the X-Requested-With: XMLHttpRequest HTTP header.

Then, in yout javascript code, poll the server every few minutes to check if the timer has expired and a "You have been logged out" message should be displayed.