I suggest letting the server tell you if the session has expired. You are sending the cookie anyway either in the request header or in the url.
If the server always returns a status node with code and severity, you can check the value of severity (0=success, 1=warning, 2=error, 3=fatal) and act upon the specifed code (e.g. dialog the user, modify the cookie, dispatch a sessionHasEnded event.) Use the severity to determine error or success and use the code to determine the behavior and to localize the dialog message**) At the company I work for, our messages are actually soap and sessions are based on SAML so they're a just little more complicated than the samples below, but these illustrate it better anyway. REST Request : http://helloworld.com/getWallet?id=[cookie-value] Good response <Response> <Header> <Status code="wallet_servlet.success" severity="0" message="*" /> <Session id="[some-new-cookie-value || original-cookie]"/> </Header> <Body> <!-- Empty Wallet --><Wallet/> </Body> </Response> Bad Response: <Response> <Header> <Status code="wallet.session_error" severity="1" message="*" /> <Session id=""/> <Header> <Body/> </Envelope> * I could generate some "Lorem ipsum dolor" for the message but a simple message is good for wap clients etc that have room for localization messages. ** In your localization file you can say something like wallet.session_error=You must be logged in to do that.