I think that the best idea about a strict Session management stays in the Sessiontimeout property. I personally write my applications into a frameset where there is an Hidden frame that contains a document which is refreshing itself every 20 or 30 seconds (meta tag refresh). I set up Sessiontimeout around 1 minute (or less if the application is highly security critical) and then I leave the refresh do the job. For security issues all the documents has a behavior that in case of onClose event will launch a session shut-down template that does the kill-session job. I use this architecture only in the applicative part dedicated to those who do data-entry or db direct control, because, from the public point of view, few visualization queries are not critical as well as a remote dataentry may be.