There are two other methods
1. Use a master page, and place the code within the page load there.
2. You can add a Global.asax class and handle the Session Start/End there.
You should be able to redirect the user to the login page on session start and end.
EDIT:
Here is the code for the Global.asax to check as requested
VB:
Private Sub Global_asax_AcquireRequestState(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.AcquireRequestState
If HttpContext.Current.Session Is Nothing Then
Return
End If
Dim requestedUri As System.Uri = HttpContext.Current.Request.Url
Dim baseUri As New System.Uri(requestedUri.AbsoluteUri.Substring(0, requestedUri.AbsoluteUri.Length() - requestedUri.PathAndQuery.Length))
If requestedUri.AbsoluteUri = baseUri.AbsoluteUri & "login.aspx" OrElse HttpContext.Current.Session("UserLoggedInAttribute") = True Then
Return
End If
HttpContext.Current.Response.Redirect("login.aspx", True)
End Sub
C# - you need to add the handler
private void Global_asax_AcquireRequestState(object sender, System.EventArgs e)
{
if (HttpContext.Current.Session == null) {
return;
}
System.Uri requestedUri = HttpContext.Current.Request.Url;
System.Uri baseUri = new System.Uri(requestedUri.AbsoluteUri.Substring(0, requestedUri.AbsoluteUri.Length() - requestedUri.PathAndQuery.Length));
if (requestedUri.AbsoluteUri == baseUri.AbsoluteUri + "login.aspx" || HttpContext.Current.Session["UserLoggedInAttribute"] == true) {
return;
}
HttpContext.Current.Response.Redirect("login.aspx", true);
}