Both issues sound like there's a critical identifier/token that is not correlated between requests.
I would suggest checking A) the LoadUIWeb messages log response body and B) the web server logs for more detail on what exact error is returned from the server. If there's a server log message that says something like "invalid session" or "database record exists", that's proof that some session token isn't being selected out as a variable and referenced in the form view.
What server technologies are involved (i.e. Java servlets, ASP.NET, php, etc.) and what service technologies (i.e. MS-IIS, Apache, JBoss, etc.) are we talking about here? Also, is this with SSL or just non-secure HTTP?
The timeouts might be due to the same issue, just that the server doesn't bother responding to multiple invalid session requests or something to that end.
