3

I am setting up a site now that uses a lot of ajax interactions. The basic flow of what is going on now is data is validated both client-side and server-side, and if the data is correct the response from and AJAX post will be the url to the next page to go to.

When I receive the url client side I am currently using window.location = url to perform my redirect.

For some reason, something about this seems incorrect. Specifically, looking through a variety of open-source projects, I rarely see it. I am wondering if the interaction I am describing above is correct, and if it is not, what I could do differently to correct my current design.

LazyOne
  • 158,824
  • 45
  • 388
  • 391
josephmisiti
  • 9,862
  • 11
  • 56
  • 72

3 Answers3

2

What you are doing is completely fine and is the normal approach that people take. Something to keep in mind is how do you handle failed requests that is your post failed for some reason or there was failure in the ajax request etc.

There was an interesting so question and read the marked answer: How to manage a redirect request after a jQuery Ajax call

Hope this helped

Community
  • 1
  • 1
Baz1nga
  • 15,485
  • 3
  • 35
  • 61
2

The best way for redirections is from the server side, basically because the server is the one who knows if you can access this page or not and response 302 redirection in the header or just return the page it self, then if the server approve your request for the page the AJAX should handle the interaction in the page without taking concern about the security.

If anyway you don't concern about security then window.location is fine.

Michael
  • 1,058
  • 10
  • 17
  • 1
    why is window.location a security violation? – josephmisiti Aug 22 '11 at 18:10
  • 1
    It's not. what I mean is that you should control the access to your data from the server (as you do) and redirect form there instead of validating the access to the content by AJAX. the security issue is that your users can easily disable the JS and so they won't be redirected while they can still view the page. – Michael Aug 22 '11 at 18:27
1

This defeats the whole point of AJAX: avoid loading full pages for every interaction, and thus limit bandwidth usage and be more responsive.

With your design, each interaction needs two requests: one to validate the data, and a second one to load the next full page. You'd better avoid AJAX completely: it would certainly be more efficient. Why not returning an error response if validation fails, and a success response with what must be displayed after the post if validation succeeds?

JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255
  • not all of my pages are being loaded via re-directs, some times i manually return html and inject it into the DOM (which is what you are saying I should be doing). I guess what the problem is I am using more ajax than I should be, and instead I should be using traditional HTTP posts to avoid overhead. – josephmisiti Aug 22 '11 at 18:09