Article Number
000013588
Applies To
RSA Access Manager 6.1 Agents
Issue
AxM Agents: How to handle idle and session timeouts when using AJAX methods.
An application leveraging AJAX techniques to request server data generates an error if the user's session or idle timeout has been exceeded. The type of error depends on how the event is trapped by the application developer.
Cause
AJAX (Asynchronous JavaScript and XML) is not a product, but a technique of using JavaScript to retrieve data asynchronously without reloading the page. While there is no specific compatibility issue with AJAX, certain techniques may be incompatible with forms-based authentication methods. If a forms-based authentication method is being used and the session or idle timeout period has expired when an HTTP request is made, RSA Access Manager intercepts the request and attempts to issue a 302 redirect to the logon page. If this occurs when an AJAX method is requesting server-side data, the application gets a redirection request instead of the expected data. This may cause the AJAX application to generate an error.
Resolution
AJAX methods should always check for error conditions when requesting server-side data. If the response from the server is not HTTP 200, the application should handle the response as an error and take appropriate action. If the response is a 302 redirect as the result of forms-based authentication, the application should abort the server data request and handle the redirection request. Here is a sample error handler that detects the error resulting from the idle timeout, then reloads the page by issuing a location.reload command. The reload causes the user to be redirected to the logon page when an idle or session timeout occurs:
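    // Called when an asynchronous request completes.
    function EndRequestHandler(sender, args) {
        // An error here includes the unexpected redirect caused by a timeout.
        if (args.get_error()) {
            // Mark the error as handled so no error is shown to the user.
            args.set_errorHandled(true);
            // Reload from the server; the agent then redirects to the logon page.
            location.reload(true);
        }
    }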
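The same check for applications that call fetch() directly, as an added example that is not part of the original article or RSA's code. Browsers follow a 302 automatically, so the script usually sees the logon page returned with HTTP 200 rather than the 302 itself, and the classifier below covers both cases. LOGON_PATH, the function names and the expected content type are assumptions for illustration.

```javascript
// Hypothetical path of the forms-based logon page; adjust to the deployment.
const LOGON_PATH = '/logon';

// Classify a response summary as 'ok', 'reauth' (session or idle timeout)
// or 'error'. `res` carries status, type, redirected, url and contentType.
function classifyAjaxResponse(res, expectedType = 'application/json') {
  // Redirect seen directly: fetch with redirect:'manual' reports it as an
  // 'opaqueredirect'; clients that do not follow redirects see 302.
  if (res.type === 'opaqueredirect' || res.status === 302) return 'reauth';

  // Redirect already followed by the browser: the final URL is the logon page.
  if (res.redirected) {
    const path = new URL(res.url, 'https://base.invalid').pathname;
    if (path.startsWith(LOGON_PATH)) return 'reauth';
  }

  // Anything other than HTTP 200 is an error, as the article recommends.
  if (res.status !== 200) return 'error';

  // HTTP 200 with the wrong content type (for example an HTML page where
  // JSON was expected) must not be parsed as data.
  if (!(res.contentType || '').startsWith(expectedType)) return 'error';
  return 'ok';
}

// Request server data; on timeout abort the data request and reload so the
// agent can send the user to the logon page. fetchImpl and reload are
// injectable so the function can be exercised outside a browser.
async function requestData(url, fetchImpl = fetch,
                           reload = () => location.reload()) {
  const r = await fetchImpl(url, { credentials: 'same-origin' });
  const verdict = classifyAjaxResponse({
    status: r.status,
    type: r.type,
    redirected: r.redirected,
    url: r.url,
    contentType: r.headers.get('content-type') || ''
  });
  if (verdict === 'reauth') { reload(); return null; }
  if (verdict === 'error') throw new Error('Unexpected response: HTTP ' + r.status);
  return r.json();
}
```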