Forms Authentication and POST requests from AJAX

Question

We have an ASP.NET app protected by forms authentication. The app uses MS AJAX heavily to call its web-services.

When the forms authentication times out, and a

Answer 1

I see two solutions:

(1) "Heart beat" mechanism. On each page include a script that will "ping" the server by some dummy ajax request, like:

This way the session shouldn't expire as long as the browser window is open.

(2) On each ajax request check the status of the response. If the response has "401 unauthorized" code (or any other code different that 200), that means that the session expired and instead of loading the response into some dialog box in the page redirect the user to login page.

Conclusion based on comments:

The best solution would be to combine the two above mechanisms. Heartbeat mechanism will help to keep the session alive as long as the page is displayed in the browser. But in doesn't guarantee that for sure. The connection to the server can be broke and reopened when the session is expired. So you should check the response status anyway.