tags:

views:

26

answers:

4

Here is the scenario,

  1. User Logs In
  2. User gets up, goes to get some coffee, and talks to co-worker Steve in the kitchen for 15 mins
  3. Users session times out
  4. User comes back to desk and trys to use a field on his/her screen which utilizes ajax functionality

Now, In the ajax page I am checking to see if he/she is logged in, but what do I do with the user? If I just return nothing from the ajax page, then the user does not know why the field is not working. If I try to use header("Location: "), that will not work as expected.

I could return a message saying you need to refresh the page, but that is kind of lame. What I would like to do is return the user back to the main page. I could do this using javascript obviously, but that is relying on the fact that user did not just go to http://website/ajaxpage.ajax.php and has javascript disabled. So what is the best way to handle this?

UPDATE

What about automatically refreshing the page after 15 minutes passes? Maybe using a meta tag? Or a javascript timeout on the page? That would cause the user to just see the login screen automatically when they sit down, however if they are on the same page for 15 minutes it may refresh and be annoying.

+4  A: 

Is it using jsonp? You might be able to return a function that sets window.location and is called as the callback.

Alternatively, you can modify your logic in the JS and return a JSON object that has a timed out indicator, in which case you can handle it appropriately in the AJAX callback. for instance, you can put up a timed box that says "Your Session has Expired - please login again" and then redirect them to the login page.

EDIT In response to your update, I wouldn't automatically refresh it. What you can do is put in some smart idle detection logic and manage the refresh with setTimeout. Here is an example of one using Prototype, but you probably don't want to base it off mouse move.

SB
So I guess the main point is that I would have to rely on javascript to get the needed result? I was hoping I could do it in PHP.
Metropolis
And yes, I am returning JSON :)
Metropolis
Yes I believe you have to rely on the JS in your situation. Because you're using AJAX and the information comes back from that call, PHP won't be able to redirect appropriately. You'll have to deal with it in your AJAX callback. If using JSONP where the server essentially returns javascript to be evaluated, you can just return the appropriate function there.
SB
I believe this would be much more resource intensive though then just updating a setTimeout function for 15 mins every time the user performs an ajax call, or a page reload. Its definitely a sweet way to do it, but im not sure its necessary.
Metropolis
Agreed - it was only meant to be an example. As I said in the answer, doing it off mousemove is probably not what you want to do.
SB
Ok cool, I will decide something based on these things. Thanks SB.
Metropolis
+1  A: 

You could send back a special message from the Ajax page, to indicate to your JavaScript code (running in the user's browser) that it needs to refresh the page. To do that, all you need is

window.location.reload(true);

https://developer.mozilla.org/en/DOM/window.location

Matt Ball
A: 

before sending whatever data you are going to send to the ajax page, send a real quick query that checks session status, return a simple 1 or 0. on 1, continue and do the ajax action. on 0, call another function that pops up a modal "Login" box, sends that login info via ajax and again gets a 0 or 1 for un/successful login. if returns 1, then return and continue inital action, otherwise re-present the modal login box.

FatherStorm
I like the name lightbox better :p
Metropolis
A: 

You could set a session_id in the cookies and allow the user to "stay logged in on this computer" so when it expires, and the user tries to use the ajax function, it could actually log him back in.

Ascherer