VRSpace.org

Expired sessions are destroyed, currently this is caught only in SeleniumConfig.sessionDestroyed (HttpSessionListener).
(and subsequent http requests that require authorization are forbidden)
But the websocket remains open.
Server could (should?) close it with the appropriate code.
Websocket session keeps HttpSession in HTTP.SESSION attribute, SessionManager tracks all sessions and clients, Client contains websocket session.