Most people don’t do this as the value is far outweighed by the difficulty developing it due to the request/response
nature of web servers. How many sites can you think of that do this?
Also, how many users do you know will want to have to do something on your site, just to keep the session alive?
If it’s that important, just raise the timeout level (scalability/performance issues) or have something in the background
reposting (e.g. ajax update panel or similar).
And what if every site started doing this? Popup hell for users if their browsing style matches mine
The typical way of managing this, is to give the user a “keep me signed in” option, implement that in your login
page so they don’t care about the session timeouts because the sign in is transparent.
Having said that, how do you want it to happen?
Do you want this to happen on postback? If so, there is no point because on postback the session will eiher be
refreshed or will have already timed out.
If you want this to be initiated by the server, i.e. server detects upcoming session timeout and sends message to client,
which then displays the popup, then you have to conquer the problem of the server detecting the event in advance,
and the fact that the server doesn’t have a communication pathway open to the client (unless you get fancy with
java or something). Too hard.
So doing it on the server is pointless.
the popup. This is the closest you can approximate and is still flawed (e.g. when user goes back and forth in
browser history, )
I’d forget about it and just stick with the “whoops, you timed out” or “keep me signed in” pattern.