Invalidating the session after 30 seconds
I don't necessarily agree with your approach, but you've already communicated about that :-) User invokes logout action: store value of timeout (maybe in the session? In fact that 'answer' was in the original question. Because the process that creates the login page (a tile) calls Session() so that it can store a theme setting for the session.;-)) set session timeout to 30 seconds User invokes login action: if that default timeout value is stored in session, set session timeout to that value, and remove the attribute. I thought from reading all the other stuff that you had another answer but were reluctant to provide it. If the previous session (now logged off) has been invalidated by the logoff process, that call will create a new session.
This allows me to re-display the login page without having to invalidate the session, so the session 'naturally' decays quickly.
If I invalidate the session on logout, the process that displays the login page (because it sets themes, etc) has to create a new session instance because the current session is now invalid.
By setting a short inactivity timeout, and NOT invalidating the session, I avoid the login page processing creating a new session, and so even though the user gets to see the login page again, the session will expire in 30 seconds should they exit their browser.
Again, there is no supported way to read this value.
You'll need to roll your own, but I still question the necessity.