Hi there! Thank you for responding.
Users are logged out at 20 minutes.
Regardless, isn't Entry Page based on visitor cookie? Not session cookie? I'm not sure how an entry page/URL is populated with a secured page/URL when there's literally no way for a user to start a session (or visit) without logging in first. Both visitor cookie and session cookie has to be a URL that did not require them to login.