Hi Shimon,
As for the problem that some of your customer found your formauth based web
application will make them logout within 5-10 miniutes which is much less
than the value you set in the web.config. I think this is a possible issue
with formauthenticat ion, because the ASP.NET's formsauthentica tion is
cookie based by default. This means the user's authentication token is
stored in the client user's cookie. And as we know, the clientside's
browser has its cookie privacy which determine the clientside browser how
to treat the cookie from remote site. Since different client may has
different browser and also may have different cookie privacy setting( maybe
restrict than normal level or maybe has applied some certain additional
features), these all will result to
different behavior when visit a cookie based site. As for the cookie
privacy in IE6 and providing a cookie privacy policy in IIS here are some
certain references:
#The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/default...b;en-us;293222
#HOW TO: Configure IIS To Use Platform for Privacy Preferences (P3P)
http://support.microsoft.com/default...b;en-us;324013
Also, here is a former thread which discussing on the related infos:
#Subject: General Enquiry on Privacy Policy
http://groups.google.com/groups?hl=e...readm=y97K%24K
f5DHA.3736%40cp msftngxa07.phx. gbl&rnum=1&prev =/groups%3Fq%3Dpr ivacy%2Bsteven
%2Bcheng%26ie%3 DUTF-8%26oe%3DUTF-8%26hl%3Den
Hope also helps. Thanks.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx 
