I think the best way to redirect the user to login page can be better handled by forms authentication. Refer to this link.
How to: Implement Simple Forms Authentication[
^]
Here,if the user tries to open some page and if its not allowed,then she will be asked to provide credentials. Once provided the same,she will be landed to the page she was trying to access.
Using session have some disadvantages e.g. It will be stored on server,so its bad idea.
Regards..:laugh: