1

I have created login system for single page app. First step inn login process is user authentication. Once user logged in their session will start. I have set 30 minutes session time on the server side. On the client side I have JavaScript that keeps track of when to show warning modal box about their session time. However this will work fine as long as computer is not in the sleep mode or mobile device is not locked. I used other approach to keep track of these activities by setting interval that runs every second in JavaScript and checks the difference when user last activity was and compare than against current time. If difference is greater than 30 min I show them link to go back to login page. Everything worked fine until I open the browser on my android phone and logged in. After that I opened some other app on my phone and lock the phone and come back after 30min I do not see my JavaScript being triggered to show the user link with the login page. Instead I'm on the same page and for example if I click Submit button to send ajax call I'm getting error: File not found Components/Login.cfm

Here is example of my login code with JQuery/Ajax and ColdFusion:

ColdFusion Component file:

<cfcomponent output="false">

    <cfset this.name = "jqlogin">

    <cfset this.sessionManagement = true>

    <!--- Run before the request is processed --->
    <cffunction name="onRequestStart" returnType="boolean" output="false">
        <cfargument name="thePage" type="string" required="true">
        <cfset var page = listLast(arguments.thePage,"/")>

        <cfif not listFindNoCase("Login.cfm,Auth.cfc",page)>      
            <cfif not structKeyExists(session, "loggedin") or session.loggedin is false>
                <cflocation url="Login.cfm" addToken="false">
            </cfif>
        </cfif>
        <cfreturn true>
    </cffunction>

    <!--- Runs when your session starts --->
    <cffunction name="onSessionStart" returnType="void" output="false">
        <cfset session.loggedin = false>
    </cffunction>
</cfcomponent>

Here is JQuery/Ajax code that submits the form:

function submitData(){
    var frmData = $('#myForm').serialize();
    $.ajax({
        type: 'POST',
        url: 'Components/AjaxFunctions.cfc?method=saveRecord',
        data: frmData,
        dataType: 'json'
    }).done(function(obj){
        //successfully submitted            
    }).fail(function(jqXHR, textStatus, errorThrown){
        alert("Error: "+errorThrown);
    });
}

I think the problem is once server session timed out access to any other files but Login.cfm and Auth.cfc is restricted. So if I try to submit the form JQuery Ajax call is looking for Login.cfm inside Components folder. I'm wondering how I can kick user back to Login.cfm if url:Components/AjaxFunction.cfc does not exist? Also i want to mention this will happened to any ajax call in the system once session timed out. On the screen is alert message Error: Not found and if I check the dev tools ajax response I see file not found Components/Login.cfm . If anyone knows what would be the best solution for this situation please let me know. Thank you.

espresso_coffee
  • 5,980
  • 11
  • 83
  • 193

1 Answers1

3

Change your failure on your jQuery to redirect to your Login page. 

 }).fail(function(jqXHR, textStatus, errorThrown){
        // This is like an HTTP redirect.
        window.location.replace("http(s)://[yourURL]/Login.cfm");  
        //alert("Error: "+errorThrown);
        // Log to console or something if you need to see the error.
    });
Shawn
  • 4,758
  • 1
  • 20
  • 29