You can reproduce this problem via the following steps.
a) Log out.
b) Request a page that you know exists but requires you to log in.
c) you are redirected to the login page. Log in.
d) you are now redirected to the PageNotFound page.

Problem: The PageAware interceptor does a permissions check when you attempt to view a page. If you have not logged in and are requested a restricted resource, the PageAware interceptor forwards you to the PageNotFound action in an attempt to hide protected resources from random discovery. The PageNotFound action is itself protected and therefore redirects you to the login page.

The impact of this is that when you are a logged in user and your session times out, you will be redirected to the login page (as expected) when you attempt to view another page. However, upon successfully logging in, you are redirected to the page not found.