Home/ Questions/Q 8088227
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T19:01:28+00:00

I am using the codeigniter framework and I am trying to implement the tankauth

  • 0

I am using the codeigniter framework and I am trying to implement the tankauth authentication. It works well for regular pages. In the __construct of the controller, I put the 

if (!authenticated) { redirect('auth'); }

there so that it protects all of the functions in the controller. This works fine if the user’s credentials time out and they try to load a new page, it just redirects them to the auth page so they can login again. However, I get an infinite loop if the function in the controller is called via ajax. I assume because it is trying to send the redirect headers when the page is already loaded.

What is the correct way to protect ajax calls and redirect the user to the auth page when someone who is no logged in tries to call the function?

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I am not familiar with tankauth in general, so there may be a better way, but in general, instead of calling the redirect from the controller, you need to return a message (e.g. in JSON) and then terminate the script, rather than redirecting.

    The client side Javascript that made the Ajax call, then checks the response and if it indicates the user was logged out, use javascript to redirect to the login (window.location). If you send a redirect on a page that was requested via Ajax, it doesn’t cause the browser to redirect, the Ajax call simply follows the redirect and the result of the Ajax call is whatever HTML your login page returns.

    So it might look like this:

    if (!authenticated) {
    if (is_ajax_call) {
        echo json_encode(array('error' => 'loggedout'));
        exit;
    } else {
        redirect('auth');
    }
}

    The the Javascript checks to see if the response contains an error key, and if it is loggedout, it should redirect the user’s browser to your login page.

    • 0