What you've asked is how to deal with session expiration. The others have answered your question. But I think you're asking the wrong question. Let me explain.
What we want is a design pattern for user sessions on iOS. We need to look at it from the point of view of the iOS device:
- User installs the app
- User authenticates with details and a session token is returned
- The app then stores the (secret) session token on the device
- Any future requests include the session token
Conclusion: Any API designed for iOS shouldn't expire the session token. It's simply kept secret on the device.
So from my experience the answer to your question about a design pattern for session expiration is basically:
Do not use session expiration when using an API for iOS.
One of the biggest iOS REST API's out there is doing it this way, and I would have to agree.
