Jun 13, 2011 10:56 PM|Zizhuoye Chen - MSFT|LINK
As it mentioned, if you are not using session in your application. The session timeout will not matter you. I wonder that what the login mechanism you have to authenticate users? If you use Form authentication, check the cookie timeout and timeout property in Forms
Aslo a quick think, does your host use web farm and user's request will be made on different servers? If it is, also define the MachineKey in configuration file to guarantee the Forms authentication ticket's encryption and decryption are consistent. If not,
please confirm your code to see there's any Response.Redirect code in page that cause user redirection(such as in page_load or BasePage class).
Hope this can help you.