Re: Can Session-Timeout be used to force users to re-authenticate?