Each time a client request is sent to the server a predefined, application-wide, configurable session timeout value is written to the page to determine when a session timeout should occur. A page is considered eligible to timeout if there is no keyboard, mouse or any other programmatic activity on the page. Moreover, an additional application configuration option exists to warn the user sometime prior to the session expiration that a timeout is imminent.

In this recipe, we will see how to gracefully handle a session timeout by redirecting the application to a specific page, the login page in this case, once a session timeout is detected.