Just a minor niggle rather than a bug, but could you make it so that when you attempt an Ajax request on a page where the session has expired then it redirects to the login page rather than giving an error message?
I often have the situation where I’ve left my QuickFile on (say) the list of purchases page and gone away for a couple of hours, and my session has expired. Then I get an email invoice from my supplier and I go back to the QuickFile tab and try to make a copy of that supplier’s previous invoice to log the new one. This fires an Ajax request which gives me the “something just broke, an engineer is on the case” error message.
I see you’re using jQuery
$.ajax and I know that lets you distinguish between a real error and an expired session by HTTP response code (5xx for a server side error, 401 for an expired session). If you could make the 401 handler redirect us to the login page then that would be consistent with the behaviour of non-ajax links.