aakk9999 - 2:06 am on Feb 23, 2013 (gmt 0)
303 is no good as redirect goes to a special page that tells user that their session has expired.
@Andy Langton: I have to redirect (see below why).
The question is - should I redirect with 302 (which is doing currently), then respond with 200 when displaying "Your session has expired" (that page also has an explanation why the session has expired + nice menu for user to choose where to go next" or should I redirect with 307, but the second page still return 200 (as oposed to perhaps 503?)
Why I need to redirect:
The site is on IIS so it is a bit more complicated. Aparently, doing redirect to that particular page allows IIS to create a new session for the user once the user goes from "Your session has expired" page to any other page. Poping up the message would not do that. It is all to do how sessions are handled and how the memory caching is done (aparently almost the whole site is cached in server memory...).