Forms timeout, Session timeout

I think I understand the difference between forms authentication
timeout and the sessionstate timeout. That said, they are giving me
headache.

I have a simple test application using Forms authentication.

In my web.config I have:


name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true"
defaultUrl="Default2.aspx" cookieless="UseDeviceProfile"
enableCrossAppRedirects="false"/>


and




Note that I set both timeout values to only 2 minutes. In IIS config,
I set the session timeout to 2 minutes also.

I run this application, and login, let it idle for more than 2
minutes. I thought I am out, but when I click on something, I can
still get redirected to other pages of this application. I thought
that I should be redirected to the Login page. Shouldn't I?

I feel like I have no control over the session timeout at all. What's
going on? Any hint is highly appreciated.