Checking login status at client side

Question

I want to learn what is the best practice to check login status at client side. What I am trying to do is checking user's login status and if he is not logged in open popup box (login box) using JavaScript.

I can think of 2 options

1. Make an AJAX call to server and get the login status.
2. Have a variable in your HTML page and check this variable with JavaScript at client side. Of course I do not trust this check, I still have all the necessary checks in my controllers at server side.

Option 1 is good but it can add some latency/delay so it may not be the best option in terms of user experience. Or am I wrong, with a good server (I am planning to use amazon web services) this delay will be so minimum and user will not understand it (Question may look silly but this is my first web development so please be understandable :))

I can't see any problem with option 2, please correct me if I am wrong. As I said I am trying to understand the best practice.

Answer 1

The best way to avoid server hit/network latency as well; You can put a client variable which has the login status (as you said in your question), but main thing to avoid server hit and network latency (AJAX), You just use the same logic which is at server side to set the login status as false. Suppose say the logic is to sety login status to false after 5 minutes of inactivity, You can do the same at client side as well.

So overall I mean to say is, Implement the same logic at client end to set the login status false. and based on that you can show your login dialog immediately with any latency. And in BEST PRACTICE you should always do double verification i.e. at server end on each and every requests for authenticated stuffs you should check that the client login status matches the server login status, since the client's login status can be tampered one.

Good Luck...
Happy exploring :-)