If you submit a login form after your session has expired, you get the viewexpiredexception page. From there, if you click log in you can log in again, but you will be redirected to the viewexpiredexception again.
We should change the viewexpiredexception page so that it redirects you somewhere else if the view is no longer expired. Ideally, back to the original page you requested, as long as it wasn't something like the login page. Failing that, the dashboard would probably work.
We should do something similar for the error page, when there is no error to report.
Also, the current message:
"You have been away for too long...
... and your session has expired. Please click the button below to go back to the original page or hit back on your browser."
should probably be a bit more apologetic. It sounds like we are blaming the user.