1

Hey all I have a javascript function within a codeigniter view that retrieves some information from a codeigniter controller function that is acting strangely when the timeout for a user's session is reached. Within the called php function I have a statement that looks like this:

  if (!$this->tank_auth->is_logged_in()) {
  redirect(site_url('login'));}

This redirects them to my login page if they are not logged in. However in the javascript function I take the response text and set the contents of a div equal to it. 

  xmlhttp = new XMLHttpRequest();
  xmlhttp.open("POST", "mycontroller/myfunction/", false);
  xmlhttp.send();
  document.getElementById("mydiv").innerHTML=xmlhttp.responseText;

If the user is logged out when they call this function it will return the login page's responseText and insert it into the div instead of redirecting to the login page. This looks terrible. How can I stop it from doing this if the user session times out while looking at this page? I cannot change the timeout limit because other applications rely upon it.

Really this is not a codeigniter or tank_auth problem at all, simply how to redirect from a php function that is being called in an ajax request instead when I am originally using that function to generate a string for the responseText.

Will Sampson
  • 504
  • 6
  • 22
  • Just to clarify, are you using the redirect in the PHP file that you use the ajax request on? – dbf Sep 10 '12 at 23:25
  • @dbf the ajax request is to a file that happens to check if the user is logged in, which is necessary for my application. If they are not logged in it redirects them to a login page. The issue here is that if the ajax request happens while they are not logged in it will still call that php function which returns the redirected login page's responseText. – Will Sampson Sep 10 '12 at 23:35
  • Only if I understood it right, change the value of the PHP file that get's called by the ajax request to a simple `true` or `false` if logged in, and wrap the `document.getElementById("mydiv")` in a if statement, where it will respond only on true, which will mean in our case 'logged-in'. – dbf Sep 10 '12 at 23:39
  • But I also do not want people who are not logged in to access those pages, so the redirect still needs to be in that page. Perhaps there is a way to check if the request is from my own ajax request? – Will Sampson Sep 10 '12 at 23:45
  • A redirect in a PHP file that is requested by an ajax call does not make sense at all, it will not affect anything, you can just exit the PHP file on top of it with something like `if(!$loggedIn) exit();`. – dbf Sep 10 '12 at 23:49
  • Unfortunately it does in the scope of my application as the site is being viewed by prospective clients who need to be redirected if they try to hit any part of the site not in their view. And also the called function may be called by other sources which would require the check for a login. – Will Sampson Sep 11 '12 at 00:23

2 Answers2

1

You need to parse the response and determine whether it is the type of response you're expecting. If you're expecting under a certain number of characters, you can check length, but that might not be as reliable as checking for specific dom objects or strings.

You could do, for example:

if(xmlhttp.responseText.length < 200) {
    document.getElementById("mydiv").innerHTML=xmlhttp.responseText;
} else { 
    window.location.href = 'some url';
}

Another alternative would be to use CodeIgniter's AJAX response check to do something else instead of loading the view (or load a different view):

if ($this->input->is_ajax_request())
{
    // do something else 
}
else
{
    // do what you were doing before
}

Hope this helps! I would shy away from doing the PHP/CI method because it sounds like you would be adding exceptions everywhere in your code which would not be pretty. It's totally up to you, though.

Brendan
  • 4,565
  • 1
  • 24
  • 39
0

if you know your login design well. you can handle your response like this.

success: function (response) {

if(result.substring(0, 15) == '<!DOCTYPE html>') //Your login's HTML initials.
    window.location = site_url_path + 'login'; //session timeout redirection.
//your normal functionality

}

It will be helpful when you have written redirection in a construct of your controller.

Nikunj Dhimar
  • 2,296
  • 19
  • 24