My application is authenticating using RSA authentication manager

Once the user is logged in, its logged in userid is retrieved from request header, role determined from LDAP lookup. then this role is used by the JSF2 application to show certain sections on the page and other authorization dependent areas.

(Note: Instead of RSA this could use Tivoli as well).

Application timeout is controlled by web.xml session-timeout value which is currently set to 30 mins. And RSA timeout was set to 2 mins (for testing). When the RSA session expires before the application session , and the user performed any server operation like button click, the user was forwarded back to the login page by RSA automatically.
It was working fine.

AFter I added ajax functionality to some of the buttons in the application, using the following f:ajax tag

< h: commandLink id=”todayOrdersLink” value=”someValue”
action=”#{someAction}”
onclick=”clearAllElementsInHiddenDivs(‘confirmationSearch’); > < f:ajax execute=”@form” onevent=”showWorkingIndicator” />
< / h:commandLink >

now when the RSA session expires and I click on such a button, the server call is not made by the button, it rather shows javascript popup saying malformed XML: Document is empty.

However if i click F5 button or browser refresh button to force a server call, then the earlier behaviour of forwarding to login page still works. I have to somehow be able to make a server call from the ajaxified buttons after the RSA session expires.

any help will be apprecaited.