Does anybody have any strategy or ideas for overall handling of errors and session expiration in a big ajaxy application? In a traditional web application when everything was a post or get, it's easy to handle errors and session expiration and present friendly messages to users. Not so much with modern ajaxy web applications. My web app uses ASP.Net Ajax update panels and WCF calls from various pages throughout. Any one of those ajax calls could return an error or the user's session could be expired. What I am looking for is a single client side component or something that can recognize when there is an error and show the user a friendly message or recognize when session timed out and direct the user to the login page. What have people done to deal with this kind of problem?
A:
Switch of the session at all! This recommendation has 2 aspects.
- AJAX is not so fast technology, so per Microsoft recommendation switching session off improves server-side rendering time
- Session that deals with simultaneously opened 2 pages cracks ajax on both of them.
You already mentioned about server side faults, and list of session negatives can be continued.
Instead review you code, what really need to be stored in session. I'm pretty sure you can separate any data onto 2 (magic number) storage:
- Data that is permanently traversed between client and server (for example analogue of session key). Make you own key and save in hidden fields or cookies. ViewState is good also, but for optimization usage I'm prefer control what exactly is saved.
- Data collected between multiple pages, good example is wizard. Accumulate data from user in DB or user's profile (persisted in DB). For my project we have developed special TempStorage table where user has saved wizard data, and if for some reason user has not finished all steps over 3 days table is cleaned by job.
Dewfy
2009-10-27 14:06:34
I am not talking about session state that stores temp data, I'm talking about the user's logged-in session. That session could expire after an amount of inactivity. In that case, I need the user to log in again.
Matthew
2009-10-27 14:22:22
@Matthew - logged-in user is user with AUTH cookies. So it is not issue of HttpSession, just ensure user has large enough expiration time of .ASPXFORMAUTH cookie.
Dewfy
2009-10-27 14:48:22
Even still, there is a chance the session may expire and I need to be able to let the user know and present a login page.
Matthew
2009-10-27 15:25:04
I already mention it - there is no security session, only cookies are expired. Set it to 2099. In this case still exists possibility user can press "Clear all cookies" in browser, if you review this possibility, then look at cookless authentication. It can be done either over URL or with help of hidden fields.
Dewfy
2009-10-28 15:36:33