It really depends on the desired functionality you're looking for. I'm going to assume you're using FormsAuthentication.
There's two separate things you need to be concerned about: the Session and the FormsAuthentication cookie. Unless I'm mistaken, both of these have separate timeouts.
If the problem you're having is that the session is timed out but the user still is authenticated, you could try a combination of the following:
1: Making sure the authentication cookie has the same timeout value as the session:
<authentication mode="Forms"><forms ... timeout="20" ... ><authentication>
<sessionState ... timeout="20" ... />
2: In your Page_Load event, check if the session has timed out:
if (context.Session != null && Context.Session.IsNewSession == true &&
Page.Request.Headers["Cookie"] != null &&
Page.Request.Headers["Cookie"].IndexOf("ASP.NET_SessionId") >= 0)
{
if (Page.Request.IsAuthenticated)
{
FormsAuthentication.SignOut();
}
Page.Response.Redirect("/Timeout.aspx");
}
My reference
asp.net - How to log out a user when a session times out or ends - Stack Overflow[
^]