If the user authentication is active (configured using security-constraint in web.xml) the first time a page loads the session is timed-out.
That is the page loads, but if i click on something the timeout page appears. The second time I load the same page it doesn't happen until I reload the webapp.

I didn't try servers other than Tomcat.