I've got an application that uses the Servlet container's session timeout facility and implements a LoginFilter to check the target for the GET/POST. If the target requires a login, the Filter checks that there is appropriate user information in the HttpSession. If not, it dispatches to the usual Login/Register page. All of this works just perfectly.
But the user experience is not ideal. When the session times out, the user is sent to the login page whenever they click on a link within the application. So they click on the "play music" link, and get the standard Login page, without any prompt or error message. When they have cookies enabled and the account set up for automatic login using the cookie, then they are taken to the main landing page. So they are scratching their heads going "why is the music not playing?"
A better flow would be to display a page saying "your session has timed out, click here to re-Login".
I'm not finding what I need to do to have either the LoginFilter notice the timeout, or have another filter/function called. The LoginFilter can easily tell that the user is logged in, or not, but not why they are not logged in. It's nicely stateless, which is good in some senses, but not ideal for the user experience.
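
One way a filter can tell a stale session from a first visit, as an added example that is not part of the original post: the Servlet API reports whether the request carried a session id and whether the container still accepts it. The `user` attribute name and the two page paths are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;       // jakarta.servlet.* on newer containers
import javax.servlet.http.*;

// Added example: the "user" attribute and both page paths are assumptions.
public class LoginFilter implements Filter {
    private static final String LOGIN_PAGE = "/login.jsp";            // assumed path
    private static final String EXPIRED_PAGE = "/sessionExpired.jsp"; // assumed path

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getSession(false) never creates a session, so the check has no side effects.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute("user") != null) {
            chain.doFilter(req, res);
            return;
        }

        // Let the two unauthenticated pages through, otherwise the redirect loops.
        String path = req.getServletPath();
        if (path.equals(LOGIN_PAGE) || path.equals(EXPIRED_PAGE)) {
            chain.doFilter(req, res);
            return;
        }

        // The client sent a session id (cookie or URL) that the container no longer
        // accepts: the session timed out, was invalidated, or the id was never issued.
        boolean staleId = req.getRequestedSessionId() != null
                && !req.isRequestedSessionIdValid();

        res.sendRedirect(req.getContextPath() + (staleId ? EXPIRED_PAGE : LOGIN_PAGE));
    }
}
```

A stale id only shows that the browser presented an id the container rejects, so the expired page is a hint for the user and must lead to the same authentication as the normal login page.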