.net secured web app

I want to maintain session for a particular section or folder for 20 mins or till the browser close whichever is earlier. after that after that if user type that url it should go to login page.
My code (web.config) is mentioned below which is working only in case if I press logout button, where i am doing FormsAuthentication.SignOut();

What is the way to solve this problem?

<authentication mode="Forms">
<forms loginUrl="login/login.aspx" name="CookieName" path="/" timeout="20" >

</forms>
</authentication>

<sessionState
cookieless="false"
/>

<location path="foldername" >
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

Microsoft is really bad at sessions and I do not rely on their code when I am working on my applications, but I persoannly have my own way of doing it since I can never have it fail. I keep track with databases but that is not what you are asking.

There is a nice article on msdn site on session...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/aspnetsessionstate.asp

Basically you need to look into Session_OnEnd.

Eric

Alien is right, as far as I know they haven't really improved on their session handling much with regards to the global.asa...

If I'm wrong then someone please point out how, as I haven't had time to mess with this aspect of .NET. !

Whammy,

I forget where it is, but on MSDN it said do not rely on it.....
I almost fell out of my chair when my partner showed me it.

Eric