Standalone environment - automatically create new session after expiration

Per this thread: http://markmail.org/thread/4tl42fnjdaztpbso

In a non-web environment, it would be nice if the SecurityManager would automatically/transparently create a new Session for a subject if their existing session expires. The web environment already works this way.

It would probably be best if there were a securityManager configuration attribute, say 'createNewSessionAfterExpiration' (or something similar) that would enable this feature.

I'm thinking it should be enabled by default, as I assume the large majority of application developers wouldn't want to catch InvalidSessionException in their code. It could be disabled by using the aforementioned config attribute.

The DefaultWebSecurityManager could just piggyback the same logic, simplifying its code (and its internal delegate WebSessionManager).