A session timeout occurs when a unique application session (e.g. a web session) expires due to a time limitation placed on the session.
A session is a way of uniquely identifying an instance of usage of an application. This is often achieved by the assignation of a unique token, which the user must provide each time they invoke an operation within the application. In this way, sessions are one way of overcoming the stateless nature of HTTP requests.
A session may have an arbitrary expiry time associated with it. Once this expiry time has been reached, the session is no longer considered valid. Session expiries can either be fixed or sliding; a fixed expiry indicates a definite point in time at which the session becomes invalid, while a sliding expiry indicates the maximum amount of time between individual requests which is allowed to elapse before the session becomes invalid. In this manner, a sliding expiration may never timeout.
Session timeouts are not errors in themselves; they are valid states of a session which indicate that the session should not be used, and all requests which attempt to use the expired session should be treated as erroneous. However, faults may arise due to sessions timing out before they have expired, or sessions considered valid when they have passed their expiration time.
See also: Session (computer science), Session Management, HTTP Cookies
