0

I am trying to redirect a user to the login page of the website from page A if at the time of the page load no login details are found in the session. I am using a servlet for the same.

From page A, I am making the most basic AJAX call at page load to my servlet as below:

$.ajax({
    url: "/bin/website/protectedpage.html",
    success: function(){
    }
});

However, I have only been able to achieve the following results with the mentioned approaches:

1.

response.sendRedirect("/content/website/en/login.html");

resulting into an HTTP code 302 in response but no redirection actually happening. Also, there is nothing returned in the response body.

2.

ServletContext context= getServletContext();
            RequestDispatcher rd= context.getRequestDispatcher("content/website/en/login.html");
            rd.forward(request, response);

resulting into a Response code 200 returning the whole login page HTML in the response body but still not redirecting the user to the login page.

What am I missing? Please help me with the same. Thanks in advance.

Karttik Mishra
  • 150
  • 2
  • 14

3 Answers3

2

$.ajax() performs an asynchrounous HTTP call to the server. Redirecting the call just from the server won't also redirect on the browser. You will have to handle the redirection after the ajax call on the front-end itself.

You can try something like this

$.ajax({
    type: "POST",
    url: URL,
    data: reqBody,
    dataType: "json",
    success: function(data, textStatus) {
        if (data.redirect) {
            // Redirect here
            window.location.href = data.redirect;
        }
        else {
            // No redirection.
        }
    }
});

PS: Code block copied from here.

Abdullah Khan
  • 12,010
  • 6
  • 65
  • 78
  • Hi Abdullah! Seems right on point. Two further questions here, 1. Does the HttpSession values hold good in case of a window.location.href? 2. Is this the correct way of implementing a hybrid system of public page and protected page(pages only the logged in users can see)? – Karttik Mishra Jul 31 '17 at 08:09
  • 1 [This](https://stackoverflow.com/a/33242744/3094731) would be answer to your first question. 2. As for the second question implementing a hybrid system just with normal HTTP calls and ajax calls would be ok but not preferred. You can use some framework at the back-end like Spring security. – Abdullah Khan Jul 31 '17 at 11:19
  • I meant to ask, if I do a window.location.href from JavaScript, does the HttpSession stay valid in the further request objects? Can the attributes/values stored in the session prior to making the window.location.href call be retrieved from session later as well? – Karttik Mishra Jul 31 '17 at 11:26
  • Only doing `window.location.href` from Javascript wont do anything to your session objects. – Abdullah Khan Jul 31 '17 at 11:46
  • You will also have to invalidate the session on the server side using something like this `session.invalidate();` – Abdullah Khan Jul 31 '17 at 11:52
0

you can use window.location.replace("url") (simulate an HTTP redirect).

If ypu prefer, you can use window.location.href = "url". This is similar to click a link.

The function replace() does not keep the originating page in the session history, so the user can't get stuck in a never-ending back-button. For me, replace() is the best choice.

Antonio314
  • 61
  • 6
  • Hi Antonio! Do you mean a redirection from the JS based on the URL returned from the servlet? If yes, does it keep the session data intact as I would not want to losse the logged in information saved in the session. Also, I am hoping to redirect from the servlet directly instead of doing it from the JS. – Karttik Mishra Jul 31 '17 at 06:24
0

Would you have tried something like 

function_name(funct) { return function(data) { if($("#myForm", data).size() > 0) top.location.href="login"; else funct(data); } }

for example 

function sample(data, funct){
    if($("#myForm", data).length > 0)
        top.location.href="login.htm";//redirection
    else
        funct(data);
}

Then, when making the Ajax call we used something like:

$.post("myAjaxHandler", 
       {
        param1: sam,
        param2: kari
       },
       function(data){
           sample(data, myActualCB);
       }, 
       "html"
);

all Ajax calls always returned HTML inside a DIV element that we use to replace a piece of the page. Also, we only needed to redirect to the login page. We basically have an ISA server in between which listens to all requests and responds with a 302 and a location header to our login page. Now check for status 302 as you have mentioned above that you are getting response 302

 $(document).ajaxComplete(function(e, xhr, settings){
        if(xhr.status === 302){
           var loginPageRedirectHeader = xhr.getResponseHeader("LoginPage");
    if(loginPageRedirectHeader && loginPageRedirectHeader !== ""){
    window.location.replace(loginPageRedirectHeader); //check for location header and redirect...
        }
    });
Mayank Sharma
  • 403
  • 2
  • 2