Efficient way to check loggedin status via ajax

Report · Feb 10, 2016

I'm looking for a way to improve performance of an ajax request that checks for loggedin status of a user. This is used in my bcpie.js script. The solution needs to be cross-site compatible, so it can't depend on pages that exist on one site and not another. Currently, this is how I do it:

Every 15min or when the window gains focus, whichever is sooner, it checks the status via ajax.
The call is made to the root of the site ( / ), because every site has a start page.
In the footer of every page (through an include on the page templates), there is some liquid that, among other things, tells the loggedin status.
The script looks for that loggedin status in the ajax response.

This has worked fine for a couple years now (not always using liquid), and continues to work fine to this day. However, I've always been concerned with the performance of requesting a page that is often very heavy with images and other data. Ideally, I would be able to request just the loggedin status from the server, but that's not an option. And choosing a different page to request is problematic, as this needs to work on anyone's site.

So far, I have only one idea, which is to require a certain Include to be installed with the script. The include could be located at /_system/includes/utilities/loggedinStatus.inc. The benefit of this method is that I can simply add the {{globals.user.isloggedin}} snippet to it, so the page would be tiny.

Any other ideas?

Report · Feb 10, 2016

Hi Adam

I here you on this. Your idea sounds good but there could be one small catch. I have an ajax that I tried to use with a .tpl extension but it would not render the liquid. I can get .html to work but (and this is a novice talking) it looked like using the .tpl would not render the page you just get the raw liquid returned. Using .html works as the server renders the page when called. So this is not a problem but if I a right then it means /_system/includes/utilities/loggedinStatus.inc would need to be /_system/includes/utilities/loggedinStatus.html and then it will turn up in the pages of the site something I was trying to avoid. Have you tried this?

Cheers Daniel

Report · Feb 10, 2016

I can confirm what Daniel is saying.

All my AJAX calls have needed to be .htm or .html pages and I would so dearly love for it to work with .inc and .tpl files for several reasons, mainly so that the ajx content file does not clutter the BC File Manager. Alas, it has to be .htm(l) and hence viewable in the BC admin to client to tinker with.

Report · Feb 10, 2016

You guys are right. I wasn't thinking through it very well. Got another idea though, and I think this one might work.

In the near future, every copy of BC Pie will be distributed and maintained through an admin app. This means every site that uses BC Pie will also have a public folder where I can store a .html file. The file will be accessible, but not show up in the admin. Thoughts?

Report · Feb 10, 2016

We do this for many files (even non-App ones), it works great.

Report · Feb 10, 2016

So this is not best practice. But with the public folder in mind. Thanks Adam. I added a folder to the Apps folder called ajax/public/filename.html and it does not show up in the admin as expected. I also just tested it and it seems to work. So if not part of an app you could use this trick to hide html files from the admin. (note this was a quick test needs more to confirm there are no issues).

Report · Feb 10, 2016

Don't forget to test that the file is available to sessions that aren't logged in to the backend.

Report · Feb 10, 2016

Good thinking and your are correct it does not work if not logged into the backend. I suppose you could register it as an app and see if that works.

Report · Feb 10, 2016

There's no need to register any app, just make sure it's in a path like this:

    /_System/apps/appname/public/foo.html

Report · Feb 10, 2016

It looks like that's what he did, Robert. He had /_system/apps/ajax/public/filename.html.

The bad thing about this, besides the obvious bad practice of polluting the apps folder (which you guys already understand), is that it is exactly the type of thing that the BC team will see as a hole in their security, and close the hole as soon as possible.

It would be nice if we had a system folder that was dedicated to this very kind of thing. Visible on the frontend, but not visible in the Pages.

Report · Feb 10, 2016

It does work now logged in or out I just had a mistake when I first tested it not logged in to the backend.

If you registered the ajax dummy app. Then it should be safe I would have thought. Still messy though and a better option would be welcomed..

Report · Feb 10, 2016

I think if you're going for performance with ajax I would create a blank template and check the "No HEAD elements" then create a blank page and assign that page to the blank suppressed template. Then add your necessary logged in status information.

I know this doesn't solve your problem of making sure it's on every website but maybe part of the bcpie installation is requiring every site to have a page called /_logged-in-status that has a noindex meta tag.

Report · Feb 10, 2016

Sounds like a doable idea as a workaround for a specific website, but not very clean for an overall solution.

Adobe Community

Efficient way to check loggedin status via ajax