Using RequestCache when using session-management has invalid-session-url

[MrStanaland]

After upgrading from Acegi to Spring Security, I am trying to recreate the old behavior that would allow showing a "Session Expired" message on the login page while still redirecting to the original request's URL.

This is the same issue described here:
http://forum.springsource.org/showth...id-session-url

The main issue is that the original request is cached when ExceptionTranslationFilter calls the following method:

requestCache.saveRequest(request, response);

However, when I add the following to my <http> tag, the ExceptionTranslationFilter is never called:
<session-management invalid-session-url="/login.html?timeout=true" />

The possible solutions I can think of are to use a custom SessionManagementFilter or a custom InvalidSessionStrategy that calls requestCache.saveRequest(request, response) before redirecting to the invalid-session-url. However I cannot find a simple way to provide a custom SessionManagementFilter or to inject a custom InvalidSessionStrategy into the default SessionManagementFilter.

The other alternative is to use a custom ExceptionTranslationFilter that checks request.isRequestedSessionIdValid()...but that could be trickier since it relies on AuthenticationEntryPoint for the login page.

How can I call saveRequest before redirecting to an invalid-sesion-url?