HTTP is a stateless protocol. Unless the client makes a request there's no way for the browser to know the session has expired.
You *could* fire off an Ajax request every minute or something, from every page, and if the session has expired, redirect to a new page. Otherwise you'd just check for a valid session on every request (like from a filter or interceptor) and redirect if it's expired.
Oh, hmm. I've run circles 'round myself logically.
I guess you could track access against all but the "am I alive?" XHR request, setting a session last accessed object (separate from the session's actual time) and checking it in the XHR request handler (but not updating it) or something.