Hi,
On 09.09.2010 20:49, Justin Edelson wrote:
> On 9/9/10 10:59 AM, Felix Meschberger wrote:
>> Hi,
>>
>> On 09.09.2010 15:41, Felix Meschberger wrote:
>>> Since most (if not all) Ajax frameworks (at least JQuery and ExtJS do)
>>> send an "X-Requested-With" set to "XMLHttpRequest" we could make use of
>>> this as follows:
>>>
>>> if (cookie is expired) {
>>> if ("XMLHttpRequest".equals(
>>> request.getHeader("X-Requested-With"))) {
>>> // signal to AJAX the request is forbidden
>>> send(403/FORBIDDEN)
>>> return DOING_AUTH;
>>
>> Hmm, 408/REQUEST TIMEOUT might be better ...
>>
>> Regards
>> Felix
>
> How about 412/PRECONDITION FAILED? 408 doesn't seem like a good semantic
> fit (the cookie has timed out, not the request). 412 isn't quite right
> either (the client is the one who is supposed to establish the
> preconditions), but it's closer IMHO.
>
> Alternatively, 403 with a X-Reason header containing "timeout" or
> "expired" or something like that.
Sounds like the best option, we could infact provide the string value of
the appropriate FormReason enum.
>
> Or we could use my favorite response code, 402 :)
Oh yeah ! Good idea ;-)
Regards
Felix
>
> Justin
>
