Request objects and authentication redirects

My application uses DispatchMappingAction objects to handle a variety of user functionality. Each DispatchMappingAction is actually extended from a BaseDispatchMappingAction where in the executeBefore() method, I test the user's ticket and redirect to a login page if necessary.

I'm finding that if the user was in the process of filling out a form and then their ticket expired, the form data is lost after they submit, because they are redirected to the login page and redirects start a new request. What are the general ways to handle this situation? If this is not the optimal way of doing things (unfortunately I didn't write this code so I'm trying to avoid rewriting if possible) what should be the proper way?

Thanks.

Also, can you please explain what you mean by ticket? I assume you are referring to a session.

Anyway, if something (a ticket) expires that requires them to login again, why should they be able to submit a form after it (the ticket) is expired?

Yes, I guess a ticket is a session and it has a timeout value. The authentication is done externally.

Hmm.. you raise a good point. If the session has timed-out, I should probably make them go back to the form and re-enter all the data?

Originally posted by Darien Cheung:
Hmm.. you raise a good point. If the session has timed-out, I should probably make them go back to the form and re-enter all the data?

Exactly. I believe that is the common practice. Although sometimes there may be a javascript timer on the front end that warns a user that their session is about to expire and allows them to keep their session alive without reloading the page or losing form data. There are a couple of ways to accomplish this. Post again if you want to know how to implement it.