diff --git a/lam/lib/security.inc b/lam/lib/security.inc
index a5ea2ad8..2e7818f4 100644
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@@ -38,9 +38,12 @@ checkClientIP();
 /**
 * Starts a session and checks the environment.
- * The script is stopped if one of the checks fail.
+ * The script is stopped if one of the checks fail (timeout redirection may be overriden).
+ *
+ * @param boolean $redirectToLogin redirect user to login page
+ * @return boolean true if all ok, false if session expired
 */
-function startSecureSession() {
+function startSecureSession($redirectToLogin = true) {
 // start session
 if (isset($_SESSION)) unset($_SESSION);
 if (strtolower(session_module_name()) == 'files') {
@@ -69,10 +72,14 @@ function startSecureSession() {
 // ok, update time
 $_SESSION['sec_sessionTime'] = time();
 }
- else {
+ elseif ($redirectToLogin) {
 // session expired, logoff user
 logoffAndBackToLoginPage();
 }
+ else {
+ return false;
+ }
+ return true;
 }
 /**
diff --git a/lam/templates/misc/ajax.php b/lam/templates/misc/ajax.php
index 1d26434d..7f4790cf 100644
--- a/lam/templates/misc/ajax.php
+++ b/lam/templates/misc/ajax.php
@@ -3,7 +3,7 @@
 $Id$
 This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2011 - 2012 Roland Gruber
+ Copyright (C) 2011 - 2013 Roland Gruber
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -36,7 +36,14 @@ if (isset($_GET['selfservice'])) {
 // self service uses a different session name
 session_name('SELFSERVICE');
 }
-startSecureSession();
+
+// return standard JSON response if session expired
+if (startSecureSession(false) === false) {
+ echo json_encode(array(
+ 'sessionExpired' => "true"
+ ));
+ die();
+}
 setlanguage();
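Review bot: The new docblock on startSecureSession() does not say that with `$redirectToLogin = false` an expired session no longer stops the script. The function then fails closed only if every such caller checks the return value. I would state that contract in the comment, e.g. `* If $redirectToLogin is false the script is NOT stopped on timeout; the caller must test the result with === false and abort itself.` "overriden" in the same comment should read "overridden". The function body continues past the end of this hunk.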
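Review bot: The added `else { return false; }` branch reports the timeout but leaves the expired session and its stored data in place. The redirect branch goes through logoffAndBackToLoginPage(), which presumably also ends the session, though its body is not visible here. If that is the case, the non-redirect path should clean up too, for example `$_SESSION = array(); session_destroy();` ahead of `return false;`, or the cleanup could be factored out of the logoff helper so both branches share it. The function starts in the previous hunk and the lines between the two hunks are not shown, so this rests on the visible tail only.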
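Review bot: The expiry flag is emitted as the string `"true"` rather than a boolean, so a strict `=== true` check in client code would miss it. `'sessionExpired' => true` would be the clearer contract, provided the consuming JavaScript (not shown) does not compare against the string. No `header()` call is visible before the `echo`, so unless another part of ajax.php sets one the reply goes out with PHP's default content type. Adding `header('Content-Type: application/json; charset=utf-8');` before the `echo` would make the type explicit.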