authorizesrequests and user session timeout

I am using Policies to determine if a user has access to add, edit and delete records which is working fine. However, if a user session times out, the Policy returns a 403 Forbidden but it really just needs to redirect to the login page.