Is there anyway of throwing a server error (like a 401 Unauthorized) in a servlet if the user's session has expired ?
I think the better way to do that is using Filters.
Define a filter on /* to see if the hit is for say.. Login.jsp / LoginsServlet or not...
As long as request is not for such "unprotected" resources, check if session exists / a particular variable exists in session..
If no session exist, throw back 401 Unauthorized (response.sendError() ). Or better still forward the user to your Login action / jsp.
If session exists, just let filter call doChain() for next filter in chain.
If the request is for unprotected resources, you can again let doChain get called.