[Catalyst] Check session expiry without extending it

Peter Karman peter at peknet.com
Thu Mar 4 15:05:41 GMT 2010

Bill Moseley wrote on 03/04/2010 08:39 AM:

> The developer explained that the AJAX session check was needed to
> prevent a user from making a lot of changes in the client that could not
> be saved due to a an expires session.  Not sure I see the logic there.

I've been solving that session-has-expired-so-ajax-call-fails problem by
having a global listener on my ajax class that checks whether the
session cookie has expired before every xhr request. I'm not completely
happy with how this works (it feels kludgy; it assumes the cookie
expiration time == session expiration time; and it relies on an alert()
to halt the browser's progress (effectively making an async call
synchronous)), but so far it's the most effective way I've found of
preventing user meltdown when their carefully crafted request will be
lost because the session has expired on the server end.

// make sure we are logged in before every xhr request
Ext.Ajax.on('beforerequest', function(conn, opts) {
    if (!AIR.Auth.isAuthenticated()) {
        return false;
    return true;

// get session cookie. Returns false if the cookie is expired.
AIR.Auth.isAuthenticated = function() {
    var auth_tkt = Ext.util.Cookies.get('auth_tkt');
    return auth_tkt;

// spawn a popup window to the login page, halting the browser's
// XHR call with an alert()
AIR.Auth.login = function() {
    // open a popup panel
    var winOpts =

    // the closeWindow param tells the login script to generate
    // local page js on success that will close the popup window.
    var url = 'https://my.sso.url/login?back=closeWindow';
    AIR.Auth.window = window.open(url,'login-window',winOpts);
    if (window.focus) {

    // the alert is necessary to keep the browser from proceeding
    // with whatever request it was making.
    alert("Your session has expired. Login again and then click Ok.");


Peter Karman  .  http://peknet.com/  .  peter at peknet.com

More information about the Catalyst mailing list