You could either test the isNew() property of the session or (as I do) test for the existence of an object that was put into session during the login.
Either way, once you've determined that the session is new, you could throw a new exception. This would end up forwarding the user to your custom error page.
Personally, since your code is aware of what the problem is at this point, I think it would be better to redirect the user to the login page with a message saying that their session has either timed out or that they've tried go directly to one of the application's pages without logging in first.
It's generally considered bad form to throw exceptions as part of flow handling.