How can I redirect a user back to signout page when timed out? Asp.net MVC
I have site that users lots of ajax(jquery). Now if the user times out for whatever reason(walked about for 30mins or something). On there next action I want them to be returned to the login page.
I setup everything in the webconfig(returnUrl and timeout) and if they 开发者_C百科try to go to a page they have no premission to go to they get sent to the login page.
However I have the authorize tags on the methods in my controllers that are used for ajax requests. So if a user timesout they are no longer authenticated but they might be on that needed authentication since they logged in and walked away.
Now they could go and try to save something at this point that would do an ajax request. The authorize tag will stop them from doing this since they will fail authorization and the return url will kick in.
However eventhough the return url seems to be sent back to them they are not redirected to the signin page. So I am guessing since all this stuff is ajax thats why it is not working properly. So is there away I can fix this?
You need to check the Ajax error for a 403 response
Run a client-side function every 30 seconds using setTimeout, which should ask the server via AJAX if the session has been timed out. If it has, the client-side code could toss out any login cookie and redirect to the login page.
You can either code hard-code the login url into the client-side code, or have the server handler return the value from the web.config if it needs to timeout.
This still leaves the possibility that the user could try something in the 0-30 seconds between when the user actually times out and the client side code does its request to check. To prevent this as well, have the server send back the amount of time left in the session, that way your client-side code can make the decision to either check back again sooner, or do the client-side redirect before the server-side drop-dead time.
精彩评论