On 9/9/10 10:59 AM, Felix Meschberger wrote:
> Hi,
>
> On 09.09.2010 15:41, Felix Meschberger wrote:
>> Since most (if not all) Ajax frameworks (at least JQuery and ExtJS do)
>> send an "X-Requested-With" set to "XMLHttpRequest" we could make use of
>> this as follows:
>>
>> if (cookie is expired) {
>>     if ("XMLHttpRequest".equals(
>>             request.getHeader("X-Requested-With"))) {
>>         // signal to AJAX the request is forbidden
>>         send(403/FORBIDDEN)
>>         return DOING_AUTH;
>
> Hmm, 408/REQUEST TIMEOUT might be better ...
>
> Regards
> Felix

How about 412/PRECONDITION FAILED? 408 doesn't seem like a good semantic
fit (the cookie has timed out, not the request). 412 isn't quite right
either (the client is the one who is supposed to establish the
preconditions), but it's closer IMHO.

Alternatively, 403 with an X-Reason header containing "timeout" or
"expired" or something like that.

Or we could use my favorite response code, 402 :)

Justin
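
The "403 with an X-Reason header" variant from this thread, modelled on both sides of the exchange as an added example (not code from the thread or from the project). The function names, the `/login` redirect for non-Ajax requests and the plain-object request/response shapes are assumptions for illustration.

```javascript
// Added example. Function names, the /login path and the request/response
// object shapes are assumptions for illustration, not the project's API.

// Case-insensitive header lookup over a plain { name: value } object.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [k, v] of Object.entries(headers || {})) {
    if (k.toLowerCase() === wanted) return v;
  }
  return null;
}

// Server side: choose the response once the auth cookie has been checked.
function respondToRequest(req, cookieExpired) {
  if (!cookieExpired) return { status: 200, headers: {} };
  // X-Requested-With is client-supplied, so it only selects the shape of the
  // rejection. The request is refused on both branches.
  if (getHeader(req.headers, "X-Requested-With") === "XMLHttpRequest") {
    return { status: 403, headers: { "X-Reason": "expired" } };
  }
  // Assumption: ordinary page loads are sent to a login form.
  return { status: 302, headers: { Location: "/login" } };
}

// Client side: tell "log in again" apart from a real authorization failure.
function classifyResponse(res) {
  if (res.status === 403) {
    const reason = getHeader(res.headers, "X-Reason");
    return reason === "expired" || reason === "timeout" ? "reauthenticate" : "forbidden";
  }
  return res.status >= 200 && res.status < 300 ? "ok" : "error";
}

// Constructed sample requests.
const ajaxReq = { headers: { "x-requested-with": "XMLHttpRequest" } };
const pageReq = { headers: { Accept: "text/html" } };

for (const [label, req] of [["ajax", ajaxReq], ["page", pageReq]]) {
  const res = respondToRequest(req, true);
  console.log(label, res.status, JSON.stringify(res.headers), classifyResponse(res));
}
```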