How to detect if users session timed out?

I have a button that shows a spinner on a modal dialog while a utility hook is executed. The problem is when I leave a browser tab open for a few days, that session times out but I can still click that button which opens a modal. When that happens, the modal remains open but the user is redirected to the login screen. I’d prefer to not open the modal at all (or close it, at least) in this case. Is there a way to detect this scenario?

Here’s the actions run by the button:

            "action": "showModal",
            "nonBlocking": true,
            "options": {
                "body": "<i class=\"fa fa-spinner fa-spin fa-3x fa-fw\"></i>Please wait while we prepare your invoice ...",
                "icon": "",
                "options": {
                    "blocking": true,
                    "buttons": [],
                    "hideCloseButton": false
                "overlayTheme": "dark",
                "text": "Processing ..."
        }, {
            "action": "runUtilityHook",
            "function": " =",
            "options": {
                "modelFilterKeys": [],
                "type": "download-invoice"

You could test for if a users is authenticated but this sounds like it could be better handled.

We are in the process of adding new error and event layers in BF.

Ideally how do you imagine it would be handled ala BF?

I just realized that I miss-understood this issue. I forgot that I setup a test for user account in almost all my HookSet Dispatch scripts, which redirects to the login page if the payload does not include the users email address. That means I can add a hide modal action to that code as well. Here’s the actions now:

Knowing this now, I’m not sure how BF could better handle this. I do know I was surprised when I first found out that utility hooks can be run without authentication from a form that requires authentication.

Yeah they have to be able to since some pages don’t require auth.

We have to new code that could restrict this on auth’d pages that don’t have auth though. So it could be possible.

I will add to our notes to review.