Right, it's not a VSA, but a standard RADIUS Attribute.  and  are the attributes in question, and  is the session-timeout attribute as Darran points out. It can be configured in ACS via per-group or per-user authorization rules. Be sure to have the following port config on your switch to support this:
Switch(config-if)#dot1x timeout reauth-period server
show dot1x int will show you the current session, and how long it is before the next re-auth. And you need to turn on "dot1x reauth" on the port to begin with (it's not enabled by default). Then, you need to cmd koksm referred to "dot1x timeout reauth-period server" to tell the port to only do re-auth from AAA via RADIUS Attributes  and  (as opposed to a local static timer).
Yes, this would be the value you may choose for RADIUS Attribute. Hate to quote the RFC, but switches can do exactly what 3580 calls for in this regard:
This attribute indicates what action should be taken when the service is completed. The value RADIUS-Request (1) indicates that re-authentication should occur on expiration of the Session-Time. The value Default (0) indicates that the session should terminate.
So, in combination with Attribute, here's a decoder ring:
1)  Session-Timeout by itself, it will act as if  Termination-Action = "Default", so it should terminate the session. (i.e. forced full re-auth from scratch)
2)  Session-Timeout +  Termination-Action = "Default", same as above. (i.e. forced full re-auth from scratch)
3)  Session-Timeout +  Termination-Action = "RADIUS-Request", so session should get re-auth'd.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...