We are building a SPA application using Durandal and we are authenticating the users via Windows ACS in Windows Azure.
We currently have a problem with users who leaves their applications open for a long time. When they come back, the ACS token is expired and the application won't redirect to the ACS login (since it is a SPA application).
Is there a good way to detect on the client side when the Windows ACS session times out?
I don't know Durandal, but I know all Ajax calls feature (optional) error handlers in which you can test whether the server status code is 401 or 403. (that's usually the case when the user tries to access a secure resource when he is not authenticated).
All you have to do is redirect the user to ACS with the correct parameters when this happens.