The best way to do it would be to modify the Controller base class (protected/components/Controller.php). You can add an init() function which will get executed on every Controller call, something like:

public function init(){
    if(!isset($_SESSION['mysession'])){
        this->redirect("site/login");
    }
}

You can access the current Controller with:

Yii::app()->controller->id 

But you cannot access the Action in the init function (usually you could use Yii::app()->controller->action->id). The easiest way to do this is probably to check the URL like:

if ($_SERVER['REQUEST_URI'] == "/site/login"){
    // it's the login page
}

You might have to edit the $_SERVER['REQUEST_URI'] before comparing if you are working on your localhost in a sub folder, something like:

$url = str_replace("/mysubfloder","",$_SERVER['REQUEST_URI']);

And then compare with that. Also probably best to check for the index.php in the string as well.

I am assuming you are using this for making certain pages not accesible to non logged in users? If that is the case you really should be using accessRules. Read more about that here