hi anand,
when time out occurs , how are you redirecting to the jsp ? , in mast head component we have standard java script logoff() functionality available , so as you have specified that time out occurs , during this time trigger a java script that calls logoff() function so the user is completely logged off.
Here im not able to understand , like when user A logs in and after time out , it is redirecting to jsp which inturn redirects to login page , here again when you give user B credentails , you are telling that data that is seen is actually Users A data ---? how can this happen , if you are redirecting to login page and if it is the same session , then im sure that after time out user A has been successfull logged out . hence you are redirected to the loginpage for entering the credentials. Inturn if the User A was not logged off and only redirection has occured to your jsp and then to login page , with out giving any credentials it loggs in again as User A .
Time out part how are you handling ?
Regards
Govardan