session by default lasts for 20 mins - depending on the setting in IIS and also the web.config. if session is expires, the Session_End event in the global.asax gets fired. from there, you cannot exactly redirect and would not be the right place to redirect anyway.
you should create a user control for example, which is on every page or even better a master page from which all pages derive from, then you can check on every request if Session is empty. if so, redirect to the logon page.
I have done this many times and works a treat.
I have this on a prerender event in a user control:
if (Context.Session != null && Context.Session.IsNewSession)
{
if (this.Page.User != null && this.Page.User.Identity.IsAuthenticated)
{
FormsAuthentication.SignOut();
Response.Redirect("~/Login.aspx");
}
}