Authentication and session are two different things. Authentication is proof of genuineness; a session, on the other hand, starts whenever a new user accesses a website. Just as they differ in definition, they differ in their timeouts.
Authentication Timeout
The authentication timeout is the time for which the authentication cookie stays alive in the user's browser. Once that time has elapsed the authentication cookie expires, and to access the site's protected resources the user needs to re-authenticate, i.e. they are redirected to the login page again.
Session Timeout
Session timeout is the amount of time for which session variables exist. After the session timeout value, session variables disappear.
The authentication and session state timeouts are set in web.config:
Authentication Timeout
<authentication mode="Forms">
<forms loginUrl="~/Auth/SignIn.aspx" timeout="60"/>
</authentication>
Session Timeout
<sessionState timeout="100" />
Authentication timeout > Session timeout
In this scenario the session timeout makes all the values in session variables disappear while the user is still authenticated and can access the protected resources of the site. An error can occur in this scenario if the code reads session variables without null checks and other validity checks.
Session timeout > Authentication timeout
In this scenario the authentication timeout takes the user back to the login screen while the session variables still exist. The user is not allowed to access the protected resources until they log in again.
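One way to guard against both mismatches, as an added example that is not code from the original post: a base class for protected pages that ties session state to the authenticated user name. The class name SessionGuardPage, the SignIn helper and the "SessionOwner" session key are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;

// Hypothetical base class for protected pages (not from the original post).
// "SessionOwner" is an assumed session key written at sign-in.
public class SessionGuardPage : Page
{
    private const string OwnerKey = "SessionOwner";

    // Call from the login page after the credentials have been verified.
    public static void SignIn(HttpContext context, string userName)
    {
        // Session timeout > authentication timeout: values from the previous
        // login may still be in session state, so clear them first.
        context.Session.Clear();
        context.Session[OwnerKey] = userName;
        FormsAuthentication.SetAuthCookie(userName, false);
    }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        if (User == null || !User.Identity.IsAuthenticated)
            return; // Forms authentication redirects to loginUrl on its own.

        // Authentication timeout > session timeout: the cookie is still valid
        // but session state has expired, so the key reads back as null.
        string owner = Session[OwnerKey] as string;

        if (!string.Equals(owner, User.Identity.Name, StringComparison.Ordinal))
        {
            // Session data is missing or belongs to another login:
            // drop both and send the user through the login page again.
            Session.Abandon();
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
            Response.End(); // RedirectToLoginPage does not end the request itself.
        }
    }
}
```

Pages that inherit from this class can read their other session variables after OnInit knowing the session belongs to the current login, though individual keys should still be null-checked.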