On Monday 10 May 2010, firstname.lastname@example.org wrote:
I'm using twisted web (not nevow) in an application right now. I'm handling expiration by having a LogonState Session variable, which has an is_logged_in member that defaults to False. All requests are checked for this and redirected to my logon page if is_logged_in is not true.
This is all working fine, but unfortunately, it means that timeouts are abrupt - you are just re-directed to a logon page with no warning the next time you try to access a resource after session timeout.
Session expiration callbacks don't seem that useful here. I'll be notified, but then the session is gone and I no longer have any way of knowing if the next request is from someone who once had a valid session, but no longer does.
Since the session is remembered by storing a session ID in a session cookie, maybe you could check for the presence of that cookie in the request? If it is present, you could add an argument like "reason=expired" to the login redirect.