We've had a
thread about this a short while ago:
https://coderanch.com/t/566179/Servlets/java/Session-time-out-notification
I quote myself from that thread:
I definitely wouldn't want a real-time session invalidation to do anything to my current browser contents. Imagine I log in, start reading a long piece of text, and after a while, while I'm still reading, all of a sudden my browser navigates to this error message page because the session is invalidated. That would be the last time I visited your site.
Still, it would be possible, by having some keep-alive timer in JavaScript that uses AJAX to query some servlet /
JSP that will tell whether or not the session is invalidated. But like I said, if you'd do that you will lose a lot of users.