When are registered LogoutHandlers in Spring Security triggered? Only upon manual logout (obvious!) or also when the http session expires?
Not when the session expires.
Example: RememebrMeServices
See the class AbstractRememberMeServices, which also implements LogoutHandler. We use remember me services to keep user logged in until a user explicitly logs out (or until the remember-me cookie expires). Its main purpose is to take care of session expiration issue and it is usually added for users who frequently use the application (for example, administrators or customer service representatives who don't like to login every time their session expires).