We are doing some ASP pages, which is something fairly new to us. I am not the developer that is doing the changes, but was looking around on EE for an answer.
Some sites I visit (like my bank) will pop up a window with something like "your session has expired, click OK to stay logged in". You cou can click OK and it will close the pop up and take you back to the bank's window (and refresh the timeout) or click cancel (or do nothing) and the pop up closes and the main window redirects you to a "you have been logged out" window.
We would like our ASP pages to do the same. We can detect the timeout and when the user clicks on something on our page it does then direct them to the login page. Our ASP apps also open up different windows to show reports, etc. It would be NICE if when they were timed out we could close all of those and redirect them to a "you have been logged out" page as well.
My ASP developers seem to think having the popup and the redirect (w/o the user doing anything) are hard to do - I am betting it is not that bad. Help me help them get it "right". Maybe we just need a Java script include on each ASP page to handle the timeout detection, pop up window, and redirect? We are runnning on IIS 5 on Windows Server 2000 connected to a SQL server 2000 database.