When using FBA, session timeout is determined in the web.config. This is a standard feature of asp.net.

Example:
<forms loginUrl="/_layouts/login.aspx" timeout="30" />
(timeout is in minutes).

Setting the timeout in Central Admin will have no effect on Forms authenticated sites.

or

public class CheckSessionModule: IHttpModule

{

    public void Init(HttpApplication app)

    {

        ctx.Application.AcquireRequestState += this.OnAcquireRequestState;

    }

    public void Dispose() {}

    public void OnAcquireRequestState(Object sender, EventArgs args)

    {

        if ((HttpContext.Current.User.Identity.IsAuthenticated == true) && (HttpContext.Current.Session.IsNewSession == true))

        {

            FormsAuthentication.SignOut();

            HttpContext.Current.Response.Redirect(HttpContext.Current.Request.Url.ToString(), false);

            HttpContext.Current.ApplicationInstance.CompleteRequest();

        }

    }

}