another solution would be to launch a client-side javascript timeout
function that redirects user to login/signup page after session
validity time has passed (say, 15 minutes). this way user wouldn't
need to be redirected after clicking a link.
in one site i saw a similar solution:
- user opens a page and does nothing (nor with mouse or keyboard).
- a minute untill the session expires, user is presented with dialog
box that says something like "do something or you'll be logged out in
60 {and counting} seconds".
- if user moves a mouse or presses a key - the dialog disappears and
session is continued (some sort of "ping" is done via ajax to notify
server side of user's activity)
- if user is absent (i.e. no activity is detected in 60 minutes) user
gets redirected to login/singup page.
