Sometimes, such as when an email validation or a password reset is required, the login session can expire before there is time to respond. Once the session has expired there is no simple way to start a new session as refreshing the page still carries the same token and it seems that you need to restart the browser (possibly going back to the original URL will start a new session) to create a new session.
Ideally, the length of time for these events should be extended to allow completion. Additionally, a link, or better still a button, on the session timed out message dialog to automatically start a new session would be very useful in order to make the process as easy as possible for the user.
Just some more support for this request. If you are registering and an email confirmation token has been sent, but you have left the browser for a while, this results in an invalid transaction id, even if you have requested the token to be resent.
There is no way out of the screen, not even to go back to the calling website.
One of the main support issues we are having is that users (as the Sphinx login is the first thing that is called) are bookmarking the login form and so they get an expired transaction id straightaway.
Bookmarking the login form will never be safe anyway, because it contains a state variable created by the app that called the login page, and that state changes every time the login page is invoked.