For each user session add a datestamp at the session creation. For each
subsequent request that uses an existing session check the datestamp
against the current time. If the difference has exceeded your max session
timeout send the user to a relogin page that contains the message using the
Checking for the existence of a marker object in the HTTP session is a very
common security pattern.
Mike
Todd McGrath wrote:
The site I'm working has a custom login component where users must have
a valid username/ password combination. I would like to redirect or
present a user with a
The site I'm working has a custom login component where users must have
a valid username/ password combination. I would like to redirect or
present a user with a message when a Http session timeout has
occurred. You know, "your session has expired, so you must re-login"
message or something