I have an application secured with devise and a session timeout of 30 minutes. With devise all is working well for normal navigation, if the user clicks on a link when timed out they get redirected back to the login screen with a message saying “Your session expired, please sign in again to continue.”, excellent.
However I have ajax in a lot of places. If the session times out and the user does an ajax operation I want the same behavior as above rather that silently failing with a 401 error in the background.
So far I have this jquery code on each page to catch 401s and reload:
$(document).ajaxError(function(e, error) {
switch(error.status) {
case 401: {
// unauthorised (possible timeout)
location.reload();
break;
}
It works well enough, but there is an annoying issue:
Because the ajax request hits devise first, when my application reloads the page I get directed to the login page, but I don’t see the timeout message, I see the unauthenticated “You need to sign in or sign up before continuing.” message.
Is there a way to ensure that on the second request devise still shows the timeout message?
i think that you need to manually show this message, for example by redirecting to a specific url or setting some query parameter.
the problem is, that after your 401 request you got a new session and when you reload the browser, the next request will hit your application with an empty session. that’s why you get the unauthenticated message.