How would you guys overcome this issue? Jquery + ajax + server timeout

Question

Hi

I am using asp.net mvc, C# and jquery. My site is uses ajax heavily. This has lead to a problem and I am not sure how to fix it( well fix it better than my current solution).

Scenario.

1. User logins into my site - cookie set, server has timeout of 30mins
2. User walks away for 30 mins
3. User comes back and clicks on one my ajax enabled jquery tabs
4. Request sent to server
5. Server goes nope user timed out send them back to signin page.
6. since it is a an ajax request the redirect gets rendered in the tab. It look ugly(an entire page rendered in a tab), user is probably extremely confused at this point.

Problem

1. As far as the server and ajax is concerned the ajax request is valid and success response is sent back. So I can't go check for an error as the request was successful just not the right data coming back.

Solution 1

1. User logins into site.
2. Jquery ajax request made to find out users timeout
3. timeout is 60 seconds less than server timeout
4. Once timeout on javascript side is hit. Jquery dialog box comes up and tell them their session expired and forces them to be redirect to sign in pack.
   • A user can't click on anything as the dialog box blocks that. If some users firebug or something they can remove it but then server timeout will still be effect and they will get the ugly version(don't care then).
5. If a user makes an ajax request the timeout on the server side is reset as well as the one on the client side.

Problems

1. User could walk away and another person could come and the timeout message could be up but they still could have a potential of 45 seconds of trying to make a new request and reset the timeout. This is very low and not too worried about it.

2. Sometimes I have observed is it just times out( the client side) and I don't know why. I never can recreate the problem( seems to happen to other people but not when I am testing). So I am guessing something did not hit write or something else went wrong.

So number 2 is really the big reason why I would want to find another solution.

Solution 2 (speculation).

I was thinking maybe if I can make my own response header or something so if the server times out then I can send some 303 redirect or something in that nature that I could check for then do a jquery redirect based on that.

However I am not sure where to do that in my C# code or if I can do something like that.

Answer 1

I don't see why your authentication handler (action filter) can't handle this by returning 403 (forbidden) which AJAX handler will then process by setting window.location to /login.

Answer 2

I basically do solution 1, except that (1) I've encapsulated it into a plugin and (2) I inject the session timeout in the page when it renders. You can see details on my blog, http://farm-fresh-code.blogspot.com, in this article. One addition is that, when the client-side times out, it automatically invokes the logout action to actually terminate the session.

Answer 3

You could always add a custom HTTP header in your LogOn action which could be intercepted by AJAX calls and act accordingly:

public ActionResult LogOn()
{
    Response.AddHeader("X-LOGON", "LogOn");
    return View();
}

And in the success callback check for the presence of this header:

$.ajax({
    url: '/home/someaction',
    success: function (data, textStatus, XMLHttpRequest) {
        if (XMLHttpRequest.getResponseHeader('X-LOGON') === 'LogOn') {
            // the LogOn page is being displayed 
            // probably timeout or unaithorized => act accordingly
        }
    }
});