I am working on a site where users get a 30-minute cookie, and after it expires, any calls to the server redirect to a "session expired, click here to re-login" screen. Here's the wrinkle:
When the user gets to the session expired page, the URL of that page is that of the page they were trying to reach. Clicking the "Login Again" link takes the user to a generic login page which uses the referral URL (the URL they were trying to reach), to get them back to where they were originally trying to go, instead of to the generic "welcome" screen.
So if I make an AJAX call to the server and tell it to fill some div with the response, I get a div with the "session expired" page inside of it.
However, I only get that "session expired" page once. So if, for example, I have two windows open to the same site, and I click a link on one, I'll get the session expired error. If I switch windows and click a link in the other, I get the generic login page. So I only get one shot at seeing the "session expired" page.
Now, I looked over this question:
How to manage a redirect request after a jQuery Ajax call
And was able to make really significant progress, at least in my understanding, but from what I can tell, this solution basically has jQuery trapping the response and referring the page to the generic login page.
I'm not sure if that's the same thing as what I want. For one, it's unclear whether or not the login page will always see my page (the ajax page) as the referral. There is also another issue, perhaps also not significant, but it can be.
Because of this trampoline redirect (I hope that's the right term for this case), POST data tends to break the bounce-back after re-login. It gets a server error about the URL being the wrong length.
Right now, I have it set up so that if the server response isn't 200, it outputs the xmlHttp response, which, on first trigger, gets a "you are being redirected, is that okay?" alert from the browser. On second trigger, I get the login page in full HTML code. (This depends on the browser, actually. Chrome just pouts.)
So, what I want, if it can be done, is three things:
1. If the response is not 200, the entire page should be replaced with the returned xmlHttp response (as a redirect, but not to an address, just to the page that the server is trying to redirect to), and
2. The redirect/redraw of the page should NOT have any post data, and so I'm thinking:
3. This should all be done as a global function prior to the real query taking place.
So the finer points I'm getting lost on are:
How to redirect the whole page correctly (you have to keep in mind, I can't trigger the page to redirect once I get the response, because then I won't get the "session expired" page.)
and
If I can set a function (Ajax event, I believe), that will make the test call for ALL of my ajax functions WITHOUT having to refer to that test-call-function FROM each ajax function. I am getting really lost in the Ajax Events documentation on the jQuery site as it seems like some of the time it sounds automatic (like it will run regardless of me calling it), while other times it seems like it's a way to make this slick function that does what it should but only for those ajax functions that remember to ask it to.
Final note, and I appreciate everyone who has read this far:
It is quite possible that the session-expired window is not crucial to the user getting back to the page they came from pre-reauthentication. One of the goals here is to leave the user experience as intact as possible. While the average user of this site may not even LIKE the crash screen, they do anticipate it, and going from the private site to a plain "username/password" page will be distracting and even concerning to some users.
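
One way to cover the three points in the question, as an added example that is not part of the original post: a single global `ajaxComplete` handler that renders the already-received "session expired" HTML as the whole page. `SESSION_MARKER`, `isSessionExpired` and `installSessionGuard` are hypothetical names, and the marker string is an assumption about what the server's expired page contains.

```javascript
// Assumed marker: a string the server's "session expired" page always contains.
const SESSION_MARKER = 'id="session-expired"';

// XMLHttpRequest follows 3xx redirects on its own, so the expired page can
// arrive with status 200. Detect it from the body, not the status code.
function isSessionExpired(body) {
  return typeof body === "string" && body.indexOf(SESSION_MARKER) !== -1;
}

// Registers ONE handler. jQuery triggers "ajaxComplete" on document for every
// request (unless that request sets global: false), so individual $.ajax
// calls never need to reference this function.
function installSessionGuard($, doc) {
  let replaced = false;
  $(doc).on("ajaxComplete", function (event, jqXHR) {
    if (replaced || !isSessionExpired(jqXHR.responseText)) return;
    replaced = true;
    // Render the HTML we already hold. No second request is made, so the
    // one-time expired page is not lost and no POST data is replayed.
    doc.open();
    doc.write(jqXHR.responseText);
    doc.close();
  });
}

// In a browser with jQuery loaded, install once at page start.
if (typeof jQuery !== "undefined" && typeof document !== "undefined") {
  installSessionGuard(jQuery, document);
}
```

Because the response is written into the current document, the address bar keeps the URL of the page the user was on, not the URL of the Ajax endpoint.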