What's the best way to handle session timeouts in ajax requests?

后端 未结 2 1206
忘了有多久
忘了有多久 2021-02-13 12:50

Consider this Django view which will get a list of items associated to the current user:

@login_required
def list_items(request, page_number=0):
    items = Pagi         


        
相关标签:
2条回答
  • 2021-02-13 13:03

    I would handle it by having your session timeout method check whether or not it is being requested with AJAX. If it is ajax, return a 401 not authorized(or 403 forbidden or whatever status makes sense) status code with an empty json string. Next, in your javascript, bind a global ajaxError handler that checks for that status code and handles it appropriately.

    0 讨论(0)
  • 2021-02-13 13:05

    You could use something like http://amplifyjs.com/ that lets you write a nice wrapper for your AJAX calls and then use its data mapping feature to check if the user is still logged in before doing the AJAX call.

    This way you can have a client-side timer that sets the user to logged-out status and provides a hint so the login check doesn't need to be done before every AJAX call.

    Alternatively you can use a custom decoder which asks the user to log in and retries the AJAX call if the user was logged out. It would need to store all the xhr data and callbacks it gets called with until the user logs in.

    0 讨论(0)
提交回复
热议问题