Lance Lavandowska wrote:
I cannot speak to the specifics here, but ideally I'd think you'd want a
non-authenticated request to return the standard error code. Then the
ajax 'client' should have a catch for this error code which causes the
whole page to redirect to the login.
getting an error code is basically what we need to sort out. currently
our Acegi configuration will always just intercept any request that
isn't properly authenticated and force it to redirect to the login page.
But for ajax usage we need something which basically does as you said
and rather than redirecting directly do the login page returns a
response which indicates to the ajax component that we need to
re-authenticate.
-- Allen
Lance
Allen Gilliland wrote:
So, I've been playing a bit with struts2 and some of its ajax support
and the cool thing is that we can get a pretty good amount of ajax
goodies for minimal effort, but the drawback is that we are going to
really have to revise some of the way the application works, beginning
with authentication.
The first major issue that I've seen with my ajax testing is that when
a users session expires and the first thing they try to do after that
is done via an ajax widget, then how to properly handle logins is
tricky. Currently if I have any component of a page which is rendered
asynchronously using ajax and it fails an authentication check then
the login page is returned in place of that component, which is not
going to work :/
So I'm interested in hearing what folks have to say about how to solve
this problem. I have code which enables some bits and pieces of ajax
functionality, but I'm hesitant to really commit to it until this
problem is solved.
Thoughts?
-- Allen
