[Coldbox 3.8.5] Expired sessions and modal windows

Senario: On my Coldbox app, a user has a page loaded. If the user chooses an AJAX action on this page that spawns a modal window and user’s session is expired, the modal window opens but the security interceptor loads the main login view due to the session being expired. How would you cancel the modal window and send the user to the main login screen instead?

You won’t be able to accomplish this with a server-side redirect. Since the modal window is in the DOM, the javascript AJAX request will not follow the server-side redirects - other than to serve whatever content is in redirected page back in to the modal content.

Any javascript functions returned in the AJAX content would need to be explicitly called after the content is loaded, due to javascript browser security.

If you want to redirect the main window, one way would be to manually add javascript variable declaration to the returned modal content if the user logged out and then you have your modal completion event evaluated for the presence of that variable:

$('#myModal').on('loaded.bs.modal', function () {
    if(typeof('loggedOut') === 'boolean' && loggedOut){
        var currentPage=window.location.href;
        window.location.assign('/login?returnURL='+currentPage);
    }    
}

Alternately, you can add a javascript timer function in your main admin JS that checks for login status periodically and redirects the window to the login page if the user’s session has expired.

The best way would be to modify the security interceptor, and so something like:

if (event.isAjax()) { // do something here instead of redirecting }

the “do something here” would probably best be to return a 401, and check that in your ajax call.

Alternatively, a hacky approach would be for the “do something here” to be something like:

WriteOutput(‘’);

which would reload the main current page, and would therefore hit the securitry Interceptor again and redirect the user to the login page.

Tom.

These are all great suggestions. I’ll see which option works best for me. Thanks for the help.

-CK

That’s what I’ve done in the past. All my proxy requests would throw a specific error/status code for Ajax calls if the session was expired. My JavaScript error handler would check for that error and alert the user appropriately.

Thanks!

~Brad

ColdBox Platform Evangelist
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com