Jan-Kees van Andel schrieb:
Hey,
I'm not sure what the JSR314 spec has to say about it, but are you
going to create something to handle session timeouts?
It's a common problem with JEE Ajax apps, because you expect XML or
JSON or something, but instead you end up with a login page.
What I do on my current project, is checking in JavaScript if the
response follows the expected format (in my case, I checked for a
specific XML tag). If it doesn't, I know something is wrong and I
redirect (document.location="newUrl") to the login page.
It might be a good idea to provide a hook in MyFaces for this. AFAIK,
the other JSF Ajax frameworks don't have this feature.
Actually the JSR has a special redirect response in the ajax part...
A security manager in the application can provide such a response which
then forces the javascript to redirect to the provided page!
I dont think this should be part of the core code :-), since security
concerns are part of the application and have to be dealt there!
Werner
