Hi Monish
Thank you for the response.
1. The users are not needed to enter the credentials for the first time.
2. So when the session time out, the user click the OK prompt pinger. At this time, the user is prompted for user name and password. I believe, it happens because of the url presented in the browser (as mentioned in my problem)
3. Yes. I agree. That's why we implement SSO. Users only know the windows user account and password. Suddenly they are prompted for a different user account and password which they are not aware of.