Forum Discussion
kunjan_118660
Cumulonimbus
..the user's session has expired, to respond with a 401 http response when the request has the header X-Requested-With: XMLHttpRequest.
when ACCESS_SESSION_STARTED {
if { [HTTP::header "X-Requested-With" ] equals "XMLHttpRequest" && [HTTP::header "Referer" ] contains "my.logout.php3" } {
ACCESS::respond 401
}
}
ddubya_152376
May 11, 2014Nimbostratus
Well, the issue here is that the browser will never cause that Referer header to be sent because the browser application is a Javascript Single Page Application, all HTTP Requests that go to the backend are AJAX, so the client application never does the 302 redirect to the logout page or anywhere else, the javascript eats the 302 redirect transparently. Let me try and attach a screen shot of what I'm experiencing and what I would like instead.