Hi,
On 09.09.2010 15:41, Felix Meschberger wrote:
> Since most (if not all) Ajax frameworks (at least JQuery and ExtJS do)
> send an "X-Requested-With" set to "XMLHttpRequest" we could make use of
> this as follows:
>
> if (cookie is expired) {
> if ("XMLHttpRequest".equals(
> request.getHeader("X-Requested-With"))) {
> // signal to AJAX the request is forbidden
> send(403/FORBIDDEN)
> return DOING_AUTH;Hmm, 408/REQUEST TIMEOUT might be better ... Regards Felix
