Detecting authentication timeout in handler and redirecting entire page to login page

Question

I am writing an application where by someone can edit paragraphs on a web page. jQuery is used to send and receive the edited paragraph data to a handler, which saves it or reads it from a database. The problem is that if the forms authentication has timed out, I get the login page back from my handler. Is there any way I can detect at the client or server if the authentication has timed out and redirect the entire page to the login page?

Answer 1

In my application, on the client side, I check the HTTP status of the returned page. If it is 401(Unauthorized Error), I present the login form in a modal dialog. You could re-authenticate like that or just redirect using

window.location = 'http://someurl.com';

This requires cooperation of the server to return a 401, but this seems like the cleanest way to me.

Answer 2

I recently accomplished a method for handling 401s which I think will work for you as well. The problem in past versions of .NET is that error pages wouldn't return the proper error code, they just 302 to the specified page.

With .NET 3.5, your error handler can "rewrite" instead of "redirect" using redirectMode:

<customErrors mode="On" defaultRedirect="/err.aspx" redirectMode="ResponseRewrite">
  <error statusCode="404" redirect="/404.aspx"/>
</customErrors>

Since all requests (including web service calls) will now return the proper HTTP status code, you can properly use the 404 / 401 / 500 code in your javascript.

Then, in your client code (this is in jQuery and is redirecting on any errors, not only 401s, but you get the idea):

$(document).ajaxError(function(event, XMLHttpRequest, ajaxOptions, thrownError) {
  window.location.href('/error.aspx');
});