Handle session expiration during ajax requests in an ASP.NET MVC application

I’ve worked recently on a project which was developed by using ASP.NET MVC 3 and for the authorization/authentication part we’ve used Forms Authentication. At the controller level we’ve applied some custom filters in which we handled session expiration and unauthorized accesses, in both cases, default behavior was to redirect user to the login page. Everything was fine till we started to encounter session expirations during ajax calls (in our case we were using jQuery ajax api), the results of this session expirations fall into 2 categories:

  1. For requests that were expecting a json result it will result into some javascript exceptions that will leave your application unresponsive.

  2. For requests that were expecting an html response your web application will be “disfigured” by inserting login page html inside a location that had to contain the expected html response.

All this nasty effects are the result of the redirection to the login page in case of the session expiration or of the unauthorized requests. The solution I chose is composed from 2 parts:

protected void Application_EndRequest(object sender, EventArgs e)
    {
      var context = new HttpContextWrapper(Context);<br/>
      if(context.Response.StatusCode == 302 && context.Request.IsAjaxRequest())
      {
        context.Response.RedirectLocation = null;
      }
    }
$("#global_divDialogContainer").ajaxError(function (e, xhr, settings) {

        if (xhr.status == 302) {

            //Code for handling expiration
        }

        return true;
    });  

For the second step you have to assure that your ajax request have the property global set to true (this is the default value) otherwise the global ajaxError event will not be triggered if an ajax call error will occur.