Open slushyash opened 10 years ago
This seems like a good approach, but do we know if the server supports HEAD
requests? If I recall correctly, most servers need to be explicitly configured to accept HEAD
requests, and considering the server is some Microsoft concoction, I'm not sure if that's the case. Can someone look into that?
I tried the following in cURL: curl -I https://accesscenter.roundrockisd.org/homeaccess/Student/Gradespeed.aspx?target=https://gradebook.roundrockisd.org/pc/displaygrades.aspx
(-I
sends a HEAD
request). It worked and gave me a 500 Internal Server Error like it should. On my machine it took an average of 0.7 seconds. Wonder if there's a faster way :/.
I think the alternative is that we measure how long it takes for GradeSpeed to time out and keep a timestamp every time we request GradeSpeed-related information. That might be a faster way, but perhaps more error-prone.
I have implemented HEAD requests in qhac-ios as a method for detecting if the user is logged in or not, which works relatively well. Even though the districts we currently support run horribly broken web servers, the HEAD request, if not logged in, will return either a 500 (not logged in) or a 200 if the current session is valid.
AISD is a bit strange, in that the server doesn't necessarily return a 500 if the session expired, so instead, code should interpret any HTTP status code besides 200 OK as an error that requires re-authentication.
Is there any way to write an isLoggedIn() function without accessing the grades website ?
We might be able to use a HEAD request as shown here: http://stackoverflow.com/questions/333634/http-head-request-in-javascript-ajax. That way we would just get the header: if it's
500
we know that we need to login again, but if it is200
we know that we don't need to login again.