tags:

views:

26

answers:

4
Q: 

What to do with a timed out user trying to use ajax functionality?

Here is the scenario,

  1. User Logs In
  2. User gets up, goes to get some coffee, and talks to co-worker Steve in the kitchen for 15 mins
  3. Users session times out
  4. User comes back to desk and trys to use a field on his/her screen which utilizes ajax functionality

Now, In the ajax page I am checking to see if he/she is logged in, but what do I do with the user? If I just return nothing from the ajax page, then the user does not know why the field is not working. If I try to use header("Location: "), that will not work as expected.

I could return a message saying you need to refresh the page, but that is kind of lame. What I would like to do is return the user back to the main page. I could do this using javascript obviously, but that is relying on the fact that user did not just go to http://website/ajaxpage.ajax.php and has javascript disabled. So what is the best way to handle this?

UPDATE

What about automatically refreshing the page after 15 minutes passes? Maybe using a meta tag? Or a javascript timeout on the page? That would cause the user to just see the login screen automatically when they sit down, however if they are on the same page for 15 minutes it may refresh and be annoying.

+4  A: 

Is it using jsonp? You might be able to return a function that sets window.location and is called as the callback.

Alternatively, you can modify your logic in the JS and return a JSON object that has a timed out indicator, in which case you can handle it appropriately in the AJAX callback. for instance, you can put up a timed box that says "Your Session has Expired - please login again" and then redirect them to the login page.

EDIT In response to your update, I wouldn't automatically refresh it. What you can do is put in some smart idle detection logic and manage the refresh with setTimeout. Here is an example of one using Prototype, but you probably don't want to base it off mouse move.

SB  2010-10-01 16:37:08
So I guess the main point is that I would have to rely on javascript to get the needed result? I was hoping I could do it in PHP.
Metropolis  2010-10-01 16:39:13
And yes, I am returning JSON :)
Metropolis  2010-10-01 16:40:00
Yes I believe you have to rely on the JS in your situation. Because you're using AJAX and the information comes back from that call, PHP won't be able to redirect appropriately. You'll have to deal with it in your AJAX callback. If using JSONP where the server essentially returns javascript to be evaluated, you can just return the appropriate function there.
SB  2010-10-01 16:51:26
I believe this would be much more resource intensive though then just updating a setTimeout function for 15 mins every time the user performs an ajax call, or a page reload. Its definitely a sweet way to do it, but im not sure its necessary.
Metropolis  2010-10-01 17:04:25
Agreed - it was only meant to be an example. As I said in the answer, doing it off mousemove is probably not what you want to do.
SB  2010-10-01 17:07:22
Ok cool, I will decide something based on these things. Thanks SB.
Metropolis  2010-10-01 17:11:23
+1  A: 

You could send back a special message from the Ajax page, to indicate to your JavaScript code (running in the user's browser) that it needs to refresh the page. To do that, all you need is

window.location.reload(true);

https://developer.mozilla.org/en/DOM/window.location

Matt Ball  2010-10-01 16:38:17
A: 

before sending whatever data you are going to send to the ajax page, send a real quick query that checks session status, return a simple 1 or 0. on 1, continue and do the ajax action. on 0, call another function that pops up a modal "Login" box, sends that login info via ajax and again gets a 0 or 1 for un/successful login. if returns 1, then return and continue inital action, otherwise re-present the modal login box.

FatherStorm  2010-10-01 16:41:42
I like the name lightbox better :p
Metropolis  2010-10-01 16:43:51
A: 

You could set a session_id in the cookies and allow the user to "stay logged in on this computer" so when it expires, and the user tries to use the ajax function, it could actually log him back in.

Ascherer  2010-10-01 16:43:26

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases