This contains a couple of simple examples showing how you can use response headers to indicate whether a user's session is expired. This example uses jQuery and ColdFusion, but you should be able to implement the basic concepts in just about any AJAX framework as it uses concepts that should be available to all XHR implementations.
The backend ColdFusion pages don't contain any logic for checking for session expiration, they just show how to return the headers. The session state is handled by the select box below.
To best understand what's going on, it's recommend you use an application such as Firebug, Fiddler or ServiceCapture which will allow you to monitor your HTTP traffic.
The "Customer Header Example" simple sends back a custom response header named "sessionState" which we read using the XHR object. This is a very simplitic approach, but allows you to build complete control over how your JS framework will interact with your application.
The "403 - Forbidden Status Code Example" actually forces ColdFusion to pass back a HTTP status code of "403 - Forbidden". The 403 response code is much like the "401 - Unauthorized" status code, but it won't cause the browser to try and re-authorize the user. If you actually want them to authorize against your web server security, then you can use 401 instead. However, most web applications general use a custom web interface for handling session management which is why I used 403 in this example.
Please select the a session state below and click one of the two buttons below.
List below is the source code from the 2 ColdFusion templates that are being used. For these examples the session state is being tracked by a URL parameter passed in based upon the select box above. In your actual code, you'd want to replace the code with the actual logic you need for validating a session.