Code snippets for symfony 1.x


Ajax request rejected by session timeout

This snippet is usefull to handle a session timeout in an ajax request.

It is very bad to have the login page filling the update div zone...

The idea came from a post in the forum (thanks a lot RoVeRT !)

The method is :

For that purpose, we will add a little code in the ajax helper and in the login action.

1 - We handle the 401 error code in the ajax helper and enable javascript execution for the popup :

401 => "if ( confirm('Your not logged anymore... Ok to go to the login page.')) {document.location='/';}",

2 - We add this code at the beginning of the login action :

// if the request is an ajax request...
if ($this->getRequest()->isXmlHttpRequest()) {
// response to the ajax request : code http 401 (access unauthorized)

Thanks for the comments !

by Vincent Texier on 2006-10-25, tagged ajax  session 

Comments on this snippet

gravatar icon
#1 Martin on 2006-10-25 at 07:16

Why didn't you use sfRequest::isXmlHttpRequest() to identify an ajax request and sfWebResponse::setStatusCode() to set the header?

Would seem more symfony-style to me... :)

gravatar icon
#2 Pierre Minnieur on 2006-11-07 at 05:33

If you would use HTTP authentication you won't have that problem any more - also I don't like the idea refactoring my whole app and add those two snippets on every *remote and remote* function. Although it's a good idea, I'd prefer using HTTP auth with ajax.

gravatar icon
#3 Fuad Arafa on 2006-11-08 at 08:46

Nice ... thanks:

I use the following on top of my login page (View) ... no need to pass ajax = true ... etc (I am using 0.7.1914) :

if($sf_request->isXmlHttpRequest()) { echo "<script>if ( confirm('Your session has timed out and you have been automatically logged out.\n Press Ok to go to the login page.')) {window.location.href='".url_for('/default/login')."';}</script>"; exit(0); }

gravatar icon
#4 Vincent Texier on 2006-12-29 at 10:50

Response to the last post :

To have the code on the login page works only for Ajax updaters, when you update a div...

It does not work for classical Ajax requests...

gravatar icon
#5 Vincent Texier on 2007-01-02 at 01:06

I cant edit my snippet so I post the info here : - The Ajax parameter ( 'script' => true ) is not needed for this code.

gravatar icon
#6 scott meves on 2007-02-07 at 05:44

More discussion in the forum starts with message #3076:

gravatar icon
#7 Pauli on 2007-02-20 at 03:34

Interesting but... where do you write 401 => "if ( confirm('Your not logged anymore... Ok to go to the login page.')) {document.location='/';}", ?

Example : form_remote_tag(array( 'url' => ... 'update' => array('success' => ..., 401 => HERE?) 'complete' => ... 401 => Or HERE ? )); (I've tried both of theme and none works :(...)

Thanks for your help

gravatar icon
#8 Vincent Texier on 2007-02-20 at 06:28


Yes, 401 is an ajax status like 'complete','success',etc

May be you have an error syntax...try to remove the confirm :

don't put quotes around the 401 number !

'complete' => "complete action",

401 => "document.location='/';",

Check also your app/config/settings.yml :

login_module:           security
login_action:           login

You must put the login action code in the declared login module/action (here : module security, executeLogin action) If it doesn't work, let's discuss to the forum thread 3076...

gravatar icon
#9 Saeed Neamati on 2011-09-06 at 07:11

The only problem with this solution is that, we can't be sure 100% that a request is an ajax call. AJAX calls usually add a request header to indicate that they are ajax, but sometimes oddities are seen in this behavior.

But this is the ultimate thing we can do. Thanks.