0

I am trying to have my server redirect my application after I do a un-athenticated GET request using ajax. However when I get the redirect (server sending a 303 with /login.html for the location) I am getting the full HTML of the login.html in my response when viewing the Response tab in the firebug console (maybe this is normal, I'm not sure). Then viewing this in firebug I see that it is trying to do the redirect but the console is just spinning on that action (never finishes processing it). I have tried finding some pertinent information online and haven't been to successful, the closest I found was: HERE.

Here is how I am handling this in the JavaScript:

function doSomethingAwesome()
{
  try
  {
     ajaxObject.open("GET", serverLocation+ '?action=getSomeInfo', true);
     ajaxObject.send();
  }
   catch(err){}
}

ajaxObject.onreadystatechange = function()
{
  if(ajaxObject.status == 200 && ajaxUsers.readyState == 4)
  {
    do some stuff
  }
}

My response header has the following information: 303 See Other Connection: Keep-alive Date Location: /login.html Server nginx/1.2.7 Transfer-Encoding: chunked So the onreadystatechange function shouldn't really impact the redirect (from what I understand) but thought I would throw it on there. Really all that should be happening here is I talk to the server to load some info, it sees that I'm not logged in (whether it is a GET or POST) and I should receive a redirect to the login page (which doesn't happen). Sorry if this sounds like rambling, I appreciate any advice or help anyone may be able to offer.

Community
  • 1
  • 1
Tombo890
  • 371
  • 1
  • 3
  • 11

1 Answers1

1

The issue here is that you are redirecting the ajax request only instead of navigating to that new url. You have to perform the redirection by changing window.location.href within the onreadystatechange function.

plalx
  • 42,889
  • 6
  • 74
  • 90
  • The idea here is that the server will mandate and enforce the redirect for security reasons. However for the heck of it I did try manually redirecting within the onreadystatechange function and nothing changed. In the firebug console I still see first my GET request being sent then a GET "http:// stuff/login.html" with the loading circle continually spinning. To me this looks like it knows it should be redirecting but is getting hung up somewhere. – Tombo890 Apr 29 '13 at 22:42
  • @user1005658, doing `window.location.href = 'someurl';` will certainly redirect, are you sure that the line gets executed? If you are, it could be that you are experiencing a redirect loop. – plalx Apr 30 '13 at 00:09
  • yes it for sure will do a redirect. Where my question is leading is shouldn't the browser handle a 303 redirect? Or is that something I have to watch for and manually pull out the location out of the header and do the redirect? It seems like a page wouldn't truly be secured if you have to watch for the 303 and redirect the page, anyone could set a breakpoint and stop your javascript from running, but if so how do I watch for the 303? – Tombo890 Apr 30 '13 at 17:38
  • @user1005658, When you perform the Ajax request, it is that request that gets redirected. The browser will not redirect the main browser window. If you want a redirect to happen based on the server's response for an ajax request, then you have to handle this yourself in the `onreadystatechange` handler. – plalx Apr 30 '13 at 17:46
  • Thanks for getting back to me. That is not ideal but it's fine I can handle the redirect. I assume the best way to do that would see if there is a location included in the header? Or is there actually a way to check to see that I'm getting a 303 back? – Tombo890 Apr 30 '13 at 18:24
  • @user1005658, Yes, from your example you can check the `ajaxObject.status` to get the response HTTP status code. Please consider marking this answer as accepted. Thanks! – plalx Apr 30 '13 at 22:02
  • I appreciate the help but that doesn't really answer the question. I know I can get the status but that is going to give me a 200 as long as the transaction finishes successfully. I was asking how I can find the 303 from the response header. I am going to take a different approach to this now anyways, but thanks for the help. – Tombo890 May 02 '13 at 16:39
  • @user1005658, Yes sorry you are right, you cannot get redirect status codes that way. However here are some alternatives http://stackoverflow.com/questions/199099/how-to-manage-a-redirect-request-after-a-jquery-ajax-call/199156#199156 – plalx May 02 '13 at 17:28