Kumar I think you are mixing up the two things. The http connection is stateless - the browser has no idea about the session objects etc. that are held on the container.
You are going along the right track when you set the timeout on the server. You need to do this, so that after one minute the session becomes invalid (I know some people have pointed out there is not a guarantee it will be in exactly one minute but in my experience it's always very close).
So on the web container side, all you need to do is set the session timeout to one minute. Try this first, wait for say 90 seconds and then refresh your browser. It should ask you to log in again, because the previous session has gone.
Once you have that working you need to look at doing something on the client side. I would suggest that involves sending back a javascript countdown. The countdown's only purpose is to wait the specified interval and then say refresh the page. Session invalidation will have been handled by the container, and the user will see the login screen again.