IIS force a session timeout

We've got an ASP.Net v1.1 application, that is being hosting on an Internet Information Server 6.0 (Win2003, SP1) on the Internet.

One of the security requirements is that users of the application have their sessions closed, if they haven't been active inside the session during the last 5 minutes.

We've tried the following without success:

1) Changed the application's 'Application configuration -> Enable session state -> Session timeout' to 5 minutes, but this doesn't force the session to be timed out, even though the session is left inactive for more than 5 minutes.

2) Changed the application's 'ASP Application Pool Properties -> Idle timeout -> Shutdown worker processes after being idle for' to 5 minutes, but this only forces the session to be timed out, if no other sessions are active within the same 5 minutes. (I.e. it times out all the sessions if none of them were active for the last 5 minutes.)

Any ideas on how this could be accomplished using an IIS configuration ?