diff --git a/NEWS b/NEWS
index c448d9879..65a52a38b 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ Bug fixes
- [web] fixed all-day event dates with different timezone
- [web] fixed display of Bcc header (#4642)
- [web] fixed refresh of drafts folder when saving a draft
+ - [web] fixed CAS session timeout handling during XHR requests (#4468)
- [core] ignore transparent events in time conflict validation (#4539)
- [core] fixed yearly recurrence calculator when starting from previous year
diff --git a/UI/WebServerResources/js/Common/Common.app.js b/UI/WebServerResources/js/Common/Common.app.js
index 30a74b23b..62f62fc9b 100644
--- a/UI/WebServerResources/js/Common/Common.app.js
+++ b/UI/WebServerResources/js/Common/Common.app.js
@@ -310,18 +310,26 @@
if (/^application\/json/.test(rejection.config.headers.Accept)) {
// Handle CAS ticket renewal
if ($window.usesCASAuthentication && rejection.status == -1) {
- deferred = $q.defer();
- iframe = angular.element('');
- iframe.on('load', function() {
- // Once the browser has followed the redirection, send the initial request
- var $http = $injector.get('$http');
- $http(rejection.config).then(deferred.resolve, deferred.reject);
- iframe.remove();
- });
- document.body.appendChild(iframe[0]);
- return deferred.promise;
+ if ($window.attempted) {
+ // Already attempted once -- reload page
+ $window.location.reload(true);
+ }
+ else {
+ deferred = $q.defer();
+ iframe = angular.element('');
+ iframe.on('load', function() {
+ // Once the browser has followed the redirection, send the initial request
+ var $http = $injector.get('$http');
+ $http(rejection.config).then(deferred.resolve, deferred.reject);
+ iframe.remove();
+ $window.attempted = true;
+ });
+ document.body.appendChild(iframe[0]);
+ return deferred.promise;
+ }
}
- else if ($window.usesSAML2Authentication && rejection.status == 401) {
+ else if ($window.usesSAML2Authentication && rejection.status == 401 && !$window.attempted) {
+ $window.attempted = true;
$window.location.reload(true);
}
else {