Hi, > I've got a business requirement that session invalidation must not be a > disruptive event (no "expired session" warning or anything similar).
Is session invalidation an requirement? Put a container into your session and throw it away if you want to invalidate the "user session". mm:)