Session timeouts problem
Posted: Wed Feb 13, 2008 7:30 am
I have an admin section on my website that only a few people have access to. We have very long session timeout time for this section but the one problem is some people will leave the admin section open then leave for like 4 hours then come back and click on a ajax link. The ajax link will alert the returned data (generally an error message) if it does not return a "1". Now the problem is that if they leave for such a long time their session expires and so the "error message" is actually the HTML to the login page because it automatically redirects them to the login page since their session is expired.
What I originally thought of doing was to just have a meta refresh set on the admin page with like 12000 seconds and so if they let the page sit for that long then it just redirects them to the login page because their session has expired. This won't work though because we often will have 2 tabs open of the admin section for reference and only touch the 1 tab once durring the whole day so this tab would end up redirecting and logging them out even though they are still good to go.
So really, how can I prevent this from happening? I though about using an ajax request to see if the session is still alive or something but I don't see how I can do that without actually continuing the session (which I don't want to do).
What I originally thought of doing was to just have a meta refresh set on the admin page with like 12000 seconds and so if they let the page sit for that long then it just redirects them to the login page because their session has expired. This won't work though because we often will have 2 tabs open of the admin section for reference and only touch the 1 tab once durring the whole day so this tab would end up redirecting and logging them out even though they are still good to go.
So really, how can I prevent this from happening? I though about using an ajax request to see if the session is still alive or something but I don't see how I can do that without actually continuing the session (which I don't want to do).