Google Search has many great answers for you: setting asp.net session timeout - Google Search[^]
Like this one: Session timeout in ASP.NET - Stack Overflow[^]
[edit] So you want the user to sign in and only have a fixed period of time before the session is closed. Not time out due to inactivity after a period of time (what you call sliding window).
Timer is not the solution.
What if you had a successful website with thousands of active users? (eg: CodeProject has over 30,000 active users at the time I am writing this). The first thing that comes to mind is that you will run out of memory very quickly.
I would set a timeout on a cached Session value. Session states scale dependent on the strategy that you use, so you can avoid memory exceptions.
Then you can:
1. on postback check for the existence of the value;
2. periodically from the page, do an Ajax check for the value.
If the value is gone, then the session has expired. Now you can let the user know their session is over.
Hope this helps...