Possible to get return url back from javascript/jquery?

Question

Hi

I have a problem that when a user times out on my site they are still logged in. So they can still do an ajax request. If they do an ajax request on my site my asp.net mvc authorization tag will stop this.

The authorization normally then redirects the user back to the signin page if they fail authorization.

Now since this is an ajax request what seems to be happening is it send the entire page back rendered as html. So the user never gets redirect since I just got the entire page send to me as html.

However firebug says this in the console:

http://localhost:3668/Account/signIn?ReturnUrl="return" ( this is not in the actual url bar in the web browser so I can't go up there and get it. I only can seem to see it through firebug.)

So I am not sure but maybe if I could somehow grab this url from inside my errorCallback area that would be great.

Since from my testing no error code is sent back(200 OK is sent). Instead I just get parsing error(hence why errorCallback is called) but I can't assume that every time I get parsing error it means the user timed out.

I need something better. The only other option is too look at the response and look for key works and see if it is the signin page what I don't think is that great of away to do it.

Answer 1

What is the status code of the response in this situation? I think you should be able to check for a 302 here. If not, the Location header would be the next best way to check for the sign-in page.

Answer 2

This isn't an answer to your specific question, but the way I deal with this is to have a some client-side code that understands about the session length and prompts the user to renew a session just prior to it being ready to expire if they haven't moved off the page. If the user doesn't respond to the prompt in time, it invokes the logout action of the site -- taking the user to the login page.

You can find more information on the exact implementation, including some code, on my blog: http://farm-fresh-code.blogspot.com.

Answer 3

You probably want to do one of two things:

• Write your server code such that ajax requests return an ajax error when a session is expired. That way the javascript will expect a return code that indicates a session timeout, and you can tell the user the session expired.
• If an elegant solution isn't forthcoming because of how your framework handles this stuff, just put a chunk of HTML comment in your login page like Uth7mee3 or something; then check for the existence of that string in your ajax code.

Alternative, you can also set a timer on the web page that figures out when the session is about to time out and warn the user with a little message that lets them renew their session. Once it times out, blank out the page and give them a link to login again.

Answer 4

How about having a script in the Loginpage

if(document.location.href != "/Account/Login")
{
document.location.href = "/Account/Login"
}

This would work if you try to render partials in an ajax request. (Not if you expect json)