Register now or log in to join your professional community.
Refreshing a page which performs a postback , it can expire the session again depending on what action you performed , best would be to not allow the same action and inform the user that transaction is completed.
If it is expiring the session for GET requests , I would say it's overdoing security. Reasons being we can't assume that the browser and server will always go hand in hand . So most of the times network latency (delay) or not found people will refresh the page , so a site should expect refreshes.