Logout your users automatically after their session times out
One of the common issues I see in webapps is a user leaves their computer, their session times out, and when they come back to do something - the app throws errors b/c their session is null. There are several easy ways to fix this. If you use Container Managed Authentication, the user will likely be prompted to do login and can continue as before. If you're using a slick Remember Me feature (like AppFuse has), the user won't even notice. However, you might not have these options available to you. For those circumstances, I recommend you put a meta-refresh in your app to automatically show the uses a timeout message when their session expires. It's as simple as the following:
<meta http-equiv="Refresh" content="${pageContext.session.maxInactiveInterval}; url=timeout.jsp"/>
I used JSP 2.0's EL in this example for simplification. If you're using a JSP 1.2 container - you'll have to wrap that expression with a <c:out> tag.