"The problem I have found is that if you have security enabled (via security-constraint, login-config, security-role etc in web.xml), and have a short session timeout, any user activity after the timeout expires causes a redirect back to the auth-method (e.g FORM).Once authentication is successful, processing then continues where the user left off however any context objects that were bound to the previous session are lost and the results are unpredictable. I too would like to detect the timeout and redirect to a "proper" login however the presence of security is causing me a problem. Does anybody where I can tap into the logic flow or if there is a class or method that I can extend to do it my way?"
We're pleased to have you here with us on the Ranch, but there are a few rules that need to be followed, and one is that proper names are required. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.
In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.
i think you can do it with auto-refresh. add <welcome-file-list> element in your deployment descriptor.
whenever you request any page of that application and already got session time out, then you will be forwarded to the page you mentioned in <welcome-file-list> element. So, think about auto-refresh after time out.