I have the following scenario:

1. User logs into the laszlo app using a SSO protected URL
2. The SSO session times out after 1 hour of inactivity
3. Now the lzx page waas actually making a JavaRPC or XMLRPC or doPost, so it gets a response of the SSO login page which will be interpretted as an invalid response by flash as it was expecting an application/xml response

My question is how to handle this scenario, i.e. how to refresh the web page so that the SSO login page is displayed to the user

I found a hack, i modified rpc.js under lps/components/rpc/library so that if undefined object type is returned as in case of SSO timeout i do
lz.Browser.loadURL(lz.Browser.getLoadURL(), '_self');
which causes the page to refresh and SSO login page is displayed to the user