When somebody browses to a portal webpage and lands on the login page, then waits a long time (the session expires) and then tries to log on, you'll get the following message:
HTTPS Status 400 - Invalid direct reference to form login page
This means the user directly accessed the login page instead of being redirected to it (which is according to the JEE specs).
But I'd rather see the portal giving a more user-friendly message, or implement a workaround.
A possible workaround is to put the following in the web.xml:
<location>some index page (not login.jsp)</location>
But other workarounds should also be possible.
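
For reference, the workaround as a complete web.xml fragment. This is an added example, not part of the original post: it assumes the `<location>` line sits inside a standard `<error-page>` mapping for status 400, and `/index.jsp` and `/login-error.jsp` are placeholder paths.

```xml
<!-- Added example: paths are assumed placeholders, not values from the post. -->

<!-- Form login as the container sees it. login.jsp is only meant to be reached
     through the container's redirect from a protected resource. -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
</login-config>

<!-- Workaround: when the container answers 400 (for example "Invalid direct
     reference to form login page" after the session has expired), serve an
     index page instead of the raw error. The location must not be login.jsp,
     otherwise the user lands on the same directly referenced login form. -->
<error-page>
    <error-code>400</error-code>
    <location>/index.jsp</location>
</error-page>
```

An `<error-page>` mapping keyed on `<error-code>` applies to every 400 response the web application returns, not only to this login case.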