What to do with a timed out user trying to use ajax functionality?

Here is the scenario,

1. User Logs In
2. User gets up, goes to get some coffee, and talks to co-worker Steve in the kitchen for 15 mins
3. Users session times out
4. User comes back to desk and trys to use a field on his/her screen which utilizes ajax functionality

Now, In the ajax page I am checking to see if he/she is logged in, but what do I do with the user? If I just return nothing from the ajax page, then the user does not know why the field is not working. If I try to use header("Location: "), that will not work as expected.

I could return a message saying you need to refresh the page, but that is kind of lame. What I would like to do is return the user back to the main page. I could do this using javascript obviously, but that is relying on the fact that user did not just go to http://website/ajaxpage.ajax.php and has javascript disabled. So what is the best way to handle this?

UPDATE

What about automatically refreshing the page after 15 minutes passes? Maybe using a meta tag? Or a javascript timeout on the page? That would cause the user to just see the login screen automatically when they sit down, however if they are on the same page for 15 minutes it may refresh and be ann开发者_JAVA技巧oying.

Is it using jsonp? You might be able to return a function that sets window.location and is called as the callback.

Alternatively, you can modify your logic in the JS and return a JSON object that has a timed out indicator, in which case you can handle it appropriately in the AJAX callback. for instance, you can put up a timed box that says "Your Session has Expired - please login again" and then redirect them to the login page.

EDIT In response to your update, I wouldn't automatically refresh it. What you can do is put in some smart idle detection logic and manage the refresh with setTimeout. Here is an example of one using Prototype, but you probably don't want to base it off mouse move.

You could send back a special message from the Ajax page, to indicate to your JavaScript code (running in the user's browser) that it needs to refresh the page. To do that, all you need is

window.location.reload(true);

https://developer.mozilla.org/en/DOM/window.location

before sending whatever data you are going to send to the ajax page, send a real quick query that checks session status, return a simple 1 or 0. on 1, continue and do the ajax action. on 0, call another function that pops up a modal "Login" box, sends that login info via ajax and again gets a 0 or 1 for un/successful login. if returns 1, then return and continue inital action, otherwise re-present the modal login box.

You could set a session_id in the cookies and allow the user to "stay logged in on this computer" so when it expires, and the user tries to use the ajax function, it could actually log him back in.