I'm using twisted web (not nevow) in an application right now. I'm handling expiration by having a LogonState Session variable, which has an is_logged_in member that defaults to False. All requests are checked for this and redirected to my logon page if is_logged_in is not true.

This is all working fine, but unfortunately, it means that timeouts are abrupt - you are just re-directed to a logon page with no warning the next time you try to access a resource after session timeout.

Session expiration callbacks don't seem that useful here. I'll be notified, but then the session is gone and I no longer have any way of knowing if the next request is from someone who once had a valid session, but no longer does.

How do others deal with this issue?