If you are planning to play the new Oracle APEX 3.2 version then be sure to checkout the new security feature Session Timeout.
Session Timeout will automatically invalidate your apex session if you use it. You can find session timeout under Shared Components -> Edit Security Attributes where you have have 2 options:
- Maximum Session Length: setting this property will allow you to define how long a user can use his session when logging in into your application, after witch the user will be forced to login again.
- Maximum Session Idle Time: Setting this property will define how many seconds a user can be idle before his/her session will be invalidated and the user will be forced to login again.
Optionally you can set a logout URL where you will redirect the user to, if the URL is an ApEx page then remeber to redirect the user to a public page.
The documentation of this new feature says that you can use three substitution items for your url: &APP_SESSION., &SESSION., and &APP_ID., although the session substitution items would probably have little value seeing the session has ended.