Session Time out

Question

When my login page is loaded browser is creating the session . But user doesn't log in until the session times out . But after that he tries to login. But as session has been already destoryed he is taken to session expire page.

Now my requirement

If session get destroyed when user is still on the login page i should redirect him to session expire page before he tries to login i.e when session destroyed event is fired i should be redirecting him to session expire page.

Please let me what should be my approach on this.

Answer 1

The server can only redirect the browser when the browser sends a request, and a user just sitting at the login page isn't sending anything.

However, the web page could make regular background AJAX requests to the server, constantly checking for session expiry. If the AJAX request is informed of an expired session, the browser inform the user.

However, it's likely that the AJAX request itself will actually keep the session alive, which rather avoids the problem to begin with.

A nicer solution, perhaps, is not to create session when displaying the login page, deferring session creation until the login attempt is made. That may not be an option for your design, though.