Strict Control of Session Execution

I think that the best idea about a strict Session management stays in the Sessiontimeout property.
I personally write my applications into a frameset where there is an Hidden frame that contains a document which is refreshing itself every 20 or 30 seconds (meta tag refresh).
I set up Sessiontimeout around 1 minute (or less if the application is highly security critical) and then I leave
the refresh do the job.
For security issues all the documents has a behavior that in case of onClose event will launch a session shut-down template that does the kill-session job.
I use this architecture only in the applicative part dedicated to those who do data-entry or db direct control, because, from the public point of view, few visualization queries are not critical as well as a remote dataentry may be.
s-)