Hilla Documentation

Handling Session Expiration

How to detect session expiration, for example to show a login view to the user.

Use the built-in middleware InvalidSessionMiddleWare to detect session expiration. For example, you could use this to show a login view to the user.

How to Use the InvalidSessionMiddleWare

InvalidSessionMiddleWare requires OnInvalidSessionCallback as a constructor parameter. OnInvalidSessionCallback is a function that takes no parameters and should return a promise of LoginResult. LoginResult contains the metadata of a login result, including:


Indicates whether the login attempt has failed.


In the event of a successful login, this is the cross-site request forgery (CSRF) prevention token, which can be extracted from the index.html page. See CSRF Protection of Hilla Endpoints for more information.


A short text describing a login error.


A more detailed explanation of the login error.

Example using InvalidSessionMiddleWare
import { ConnectClient, InvalidSessionMiddleware } from '@hilla/frontend';
import { setSessionExpired } from '../auth';
const client = new ConnectClient({
  prefix: 'connect',
  middlewares: [
    new InvalidSessionMiddleware(async () => {
      const { LoginView } = await import('./login-overlay');
      return LoginView.showOverlay();
export default client;