I have a web app driven by a servlet that times out users' sessions after a period of inactivity by redirecting to a login page. I had code in place on the web client that checked for this, essentially similar to the following:
function error(request, errtype) {
if (request.status == 302) {
// Display a "timed out" dialog, then:
window.location = request.getResponseHeader("Location");
}
}
However, recently this scheme stopped working; on timeout, the request.status was 0. Using Firebug I could see that the same HTTP 302 response was being returned.
I read the spec for XMLHttpRequest carefully, and found this section:
If the redirect does not violate security (it is same origin for instance), infinite loop precautions, and the scheme is supported, transparently follow the redirect while observing the same-origin request event rules.
Otherwise, this is a network error.
I hadn't even known that clients were supposed to automatically follow redirects that they get in response to Ajax requests; the browsers I care about didn't do that before, since my code above used to work. I recently upgraded my version of Firefox, which now perhaps is following the spec more closely. The network error prescribed by the spec would explain the zero response code I'm seeing. However, the redirect I'm getting is to the same host (albeit on a different port), there shouldn't be an infinite loop, and the scheme remains HTTP, so I don't understand why I'm getting a network error.
Any ideas?