I am controlling the session of my application with Spring Security, I have two rules to terminate the session, max-session
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"
expired-url="/publico/login.jsp" />
</session-management>
And it has the timeout
<session-config>
<session-timeout>20</session-timeout>
</session-config>
One way to get this message to say that session has ended, is to use a parameter in the URL ( expired-url="/publico/login.jsp?sessionExpired=sim" ) and have a conditional on EL on the login page to check for when this parameter appears in your URL, show the body of the message.
Ex:
${param.sessionExpired}
Use "param" to get any type of parameter, it is similar to using "requestScope" to get any attribute set in a Session. ${requestScope.nomeDoAtributo}