Every WebSphere Portal based application needs to handle the Session Time outs. The current solutions advocated by the Developer works usually involve usage of customization of LogOut Auth mechanism.
What I am proposing is the use of the standard J2EE mechanism of creating a HttpSessionListener. This HttpSessionListener can be weaved into the web.xml of the wps.war file ( careful as this is part of the wps.ear which is the core of the WebSphere Portal deployment). So, now whenver the session gets timed out, the listener will catch the session destroyed event and the application can handle the event.
Remember, this customization is at your own risk. IBM does not support this.