When my session times out, the user is asked to log in again. But this often happens when the session contains information to build up the JSP. So, when I log in again, I get JSP exceptions (NoBeanSpecified, etc.), since this session information is lost. So it would be more suitable to show a message like: 'please close all pop-up windows and login again'. But I can't seem to configure this in my web.xml.
You definitely couldn't arbitrarily render another page when the session times out because the client isn't making another request. You could also create a filter that checks to make sure the user is signed in--if they aren't, they are instead redirected to a login page, or some other page.