Ajax - 我需要在每个AJAX请求之前检查是否存在有效会话 [英] Ajax - I need to check whether a valid session exists before every AJAX requests
问题描述
我正在开发一个使用用户身份验证的项目。如果在请求时没有经过身份验证的会话,我将面临我的AJAX请求问题。
I'm working on a project which uses user authentication. I'm facing a issue with my AJAX requests if there is no authenticated session present when the request is made.
我的会话超时为3分钟,所以如果用户保持空闲3分钟,然后执行一些导致AJAX请求的操作,然后请求将失败并返回403错误。这里我打算做的是拦截页面中的所有AJAX请求,并向服务器发送ping,该服务器将返回一个JSON对象,说明是否存在有效会话。如果有,那么客户端将继续当前请求,否则它将重新加载当前页面,该页面将用户带到登录页面,用户必须再次提供凭证。
I've a session timeout of 3min, so if the user keeps idle for 3 min then do some action which causes a AJAX request then the request will fail and return a 403 error. Here What I'm planning to do is intercept all the AJAX request from the page and sent a ping to the server which will return a JSON object saying whether there is a valid session. If there is one then the client will continue with the current request else it will reload the current page which will take the user to the login page and the user has to provide the credentials again.
这是我的实现。
$("#param-ajax").ajaxSend(function(evt, request, settings) {
var pingurl = GtsJQuery.getContextPath() + '/ping.json';
var escapedurl = pingurl.replace(/\//g, "\\/");
var regexpr1 = eval('/^' + escapedurl + '\\?.*$/');
var regexpr2 = eval('/^' + escapedurl + '$/');
// Proceed with the ping only if the url is not the ping url else it will
// cause recursive calls which will never end.
if (!regexpr1.test(settings.url) && !regexpr2.test(settings.url)) {
var timeout = false;
$.ajax({
url : pingurl,
cache : false,
data : {
url : settings.url
},
async : false,
complete : function(request, status) {
if (status == "error") {
try {
// GtsJQuery.getJsonObject() converts the string
// response to a JSON object
var result = GtsJQuery
.getJsonObject(request.responseText)
if (result.timeout) {
timeout = true;
return;
}
} catch (e) {
// ignore the error. This should never occure.
}
}
}
});
// Reload the window if there is a timeout -- means there is no valid
// sesstion
if (timeout) {
window.location.reload();
}
}
});
这里一切正常包括window.location.reload(),但原始的ajax请求不是中止。由于在触发页面重新加载后原始AJAX请求未中止,因此AJAX请求也会发送到服务器。如果超时结果为真,我想要一些允许我中止原始请求的机制。
Here everything work fine included the window.location.reload(), but the original ajax request is not aborted. Since the original AJAX request is not aborted after the page reload is triggered, the AJAX request also is sent to the server. I want some mechanism which will allow me to abort the original request if the timeout turns out to be true.
这篇文章提供了一些答案,但问题仍然存在于第三方插件,如使用AJAX的数据表。我们无法为这些AJAX请求编写错误处理程序。
This post offers some answer, but the issue remains with the third party plugins like datatables which uses AJAX. We cannot write a error handler for those AJAX requests.
谢谢。
推荐答案
我现在改变了我的概念,我正在使用请求标头'x-requested-with'检查服务器端的xmlHTTPRequest。
I changed my concept now, I'm checking for the xmlHTTPRequest in the server side using the request header 'x-requested-with'.
如果是是xmlHTTPRequest然后'x-requested-with'将具有值'XMLHttpRequest'。我正在使用的javascript库(EXTjs和jQuery)都正确设置了这个标题。
If it is a xmlHTTPRequest then 'x-requested-with' will have the value 'XMLHttpRequest'. Both the javascript libraries(EXTjs and jQuery) I'm using sets this header correctly.
这是我的服务器端代码
boolean isAjaxRequest = StringUtils.endsWithIgnoreCase(request.getHeader("x-requested-with"), "XMLHttpRequest")
编辑
如果给定的请求是ajax请求,则响应将是具有状态的json数据403它将包含一个名为timeout的键,值为true
ex:{timeout:true,....}
If the given request is a ajax request the response will be json data which will have status 403 and it will contain a key called timeout with value true ex: {timeout: true, ....}
然后我们将在$ .ajaxError()事件处理程序将处理错误。如果错误状态为403且超时值为true,那么我将重新加载页面。
Then we will handle this in the $.ajaxError() event handler will handle the error. If the error status is 403 and the timeout value is true then I'll reload the page.
这篇关于Ajax - 我需要在每个AJAX请求之前检查是否存在有效会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
