well i post this in Cold Fusion but this question is more general about Sessions at all.
If the user visits my website, he gets a new session (CFID+CFTOKEN). then he might log in to the system. his authentication is also kept in the session, if the login was successful. If the user spends to much time in the system, without doing anything, the session will run out and the session information is lost (well, hehe, you probably noticed that these are just some session basics)
now the problem:
if the session ran out, the user must be informed about it, so i must recognize it somehow.
simply to check if a specific session variable is set or not, is not enough, because any use who will visit the site for the first time, would also get a "session timeout" message, but he shouldnt.
My first two ideas:
1) Checking the Referer. If the referer is my site and the session variable which was set at the beginning doesnt exists, he probably lost his session, else he is a new visitor
- Well, but i dont like it. Simply dont like it :) Checking referers is nothing really secure.
2) when the user visits the domain, i set the variable and forward him to a different page. when, on the different page, the variable is not existing anymore, the session was lost, because the new visitor would not access it directly
- Also not a very good technique, because the user might bookmark the "different page" and use it for entry, so i also cannot recognize it clearly
I hope there are another ideas, or maybe even some approved methods?
By the way, i dont want to set Cookies. No Cookie at all. Even no so called "Server Cookies" if possible.
Thanks in Advance