Glad you got this far, thanks to James.
If global authentication is active on your application (see below on global and per form) the authentication mechanism in Visual WebGui will intercept any request that will be directed to your application and VWGContext.Current.IsLoggedOn = false, then it will fire up the logon form. This means that in order to fire up the logon form the client has to issue a request. Setting VWGContext.Current.IsLoggedOn = false within serverside code will not make the client issue any request, not yet, but it will on the next KeepConnected request or if you have a timer active. Adding that Redirect will make the client issue that needed request, but you should not redirect directly to the logon form. You should redirect to your mainform, and as I said above, Visual WebGui will intercept that request and automatically fire up the logon form.
There are two flavors of IsLoggedOn, the ones I called Global and per form authentication. The Global authentication is set like here where you have the same logon form for the whole of your application. The per form authentication has a code sample here. What you are using above, VWGContext.Current.IsLoggedOn, is a per form authentication, meaning that you are setting the IsLoggedOn state for the current context only, as opposed to set VWGContext.Current.Session.IsLoggedOn, which will affect all your application as explained by the code sample.
Hope this helps,