1

Situation

  • User is working working with a JSF 2.1 and Richfaces 4.3.4 web application
  • User decides to take a coffee break
  • Administrator restarts web server
  • User comes back and wants to do an action (which is implemented as an AJAX request)

Problem: Nothing happens.

AJAX response:

<?xml version='1.0' encoding='UTF-8'?>
<partial-response>
  <changes>
    <update id="javax.faces.ViewState">
      <![CDATA[867555705194888199:-2060396069426176324]]>
    </update>
  </changes>
</partial-response>

What should happen: Forward to login page.

Having a full page request redirects to login page since session is not available anymore. What is the best way to implement the handling of a session timeout in a web application (Richfaces/JSF/jQuery) using AJAX technologies?

Thomas
  • 8,357
  • 15
  • 45
  • 81
  • Possible duplicate of [Session timeout and ViewExpiredException handling on JSF/PrimeFaces ajax request](https://stackoverflow.com/questions/11203195/session-timeout-and-viewexpiredexception-handling-on-jsf-primefaces-ajax-request) – Thomas Apr 29 '19 at 03:59

1 Answers1

3

The best user experience would be to ask the user to login again, establish a new login session and resume back in the place that the user last was in the browser.

That requires doing login in a way that preserves where the user was in the browser like via a login overlay (on the current page) that can become visible, do it's thing via ajax and then go away when successful, leaving the user where they were (there are other ways to do that too).

But, all of this depends upon how much time you want to invest in the user experience for this particular case. If you think it is rare and the unsaved state the user might have is low, then you can just bump them to the login page and make them start their session over. If it's a regular occurrence or if the user has lots of unsaved state that they won't want to lose, then you will want to invest in a mechanism for them to login again without losing that state.

If what you're asking is how would you code in the client for the session going away, that will depend upon what your server returns to the ajax call when it receives a request with an invalid or expired session. Based on what behavior the server returns, you need to make sure you can handle that in your ajax handling. If it's an error, then you need to handle the error conditions. If it's a certain type of valid ajax response, you need to make sure you are handling that.

If you are already producing a known error return condition from the ajax call from the server when the session is invalid on an ajax call, then you just need to fix your client code to detect that condition. We'd have to see what the error condition is and see your client ajax code to know what specifically to advise.

jfriend00
  • 683,504
  • 96
  • 985
  • 979
  • Ok. Thanks. I do have this behaviour when having a full page request but not with AJAX requests. I'm struggling with them since I do not have any useful response from the server. – Thomas Oct 26 '13 at 20:24
  • That was not me!!!! I've upvoted since your answer is useful even though it does not help me to solve my problem. – Thomas Oct 26 '13 at 20:30
  • @ThomasZuberbühler - I added some more info about how you would code for this. I'm not sure what you're really looking for in terms of details. You decide what you want your server to return on an expired session and then you code for that in the client. – jfriend00 Oct 26 '13 at 21:01
  • The reason for the downvote is very simple: the answer is in **no way** helpful in solving the concrete problem. You're nowhere concretely explaining how to achieve that using JSF. – BalusC Oct 26 '13 at 21:38
  • @BalusC - What do you think the OP is asking for that I haven't included? Please make sure you see the last paragraphs of my answer too. – jfriend00 Oct 26 '13 at 21:39
  • 2
    Those duplicate questions contains a helpful answer: http://stackoverflow.com/questions/12504131/viewexpiredexception-not-thrown-on-ajax-request-if-jsf-page-is-protected-by-j-se/ and http://stackoverflow.com/questions/11203195/session-timeout-and-viewexpiredexception-handling-on-jsf-primefaces-ajax-request/ They not only explains the problem, but also **actually solves** it. Your answer comes nowhere close that. – BalusC Oct 26 '13 at 21:40