The session expires, or becomes invalid, when there is no activity from the user for a predefined length of time. By default, session timeout is thirty minutes; it is set by the sessionInvalidationTime property of /atg/dynamo/servlet/session/SessionManager. Once the session expires, if the user tries to access any page, he or she is not recognized and is not served the expected pages. For example, if a user requests the checkout page and then takes no actions for more than thirty minutes, when he or she returns and tries to submit an order, an error is generated.

In Motorprise, we wanted to avoid these session expiration errors. We used the CheckSessionExpiration servlet, an instance of the class atg.projects.b2bstore.servlet.WACheckSessionExpiration, that is invoked in a request-handling pipeline. It checks the session of the user. If the session is valid, it passes the request to the desired page. If the session is expired, instead of generating an error, it redirects the user to a login page that instructs him or her to log in again. The relativeExpirationURL property of this servlet specifies the page to which to redirect the user.

We used this approach to session expiration for both registered users and anonymous users.