If the toolkit is not using cookies, the CSServer handles a session timing out. Set the timeout value as part of its definition as follows:
<CSServer id="realCSServer" inactivityClientTimeout="1800000" timeBetweenSessionCheck="3600000" appSessionTimeout="30000" />
The inactivityClientTimeout attribute sets the actual expiration timeout of the session and the timeBetweenSessionCheck determines how often the thread that searches for expired sessions performs this task. Both are set in milliseconds. In this example, the session expires after 30 minutes of inactivity (1800000) and the thread that will detect expired sessions is activated each hour (3600000).