I have noticed in .net 2 that when authenticating a user, setting the
cookie using either redirectfromloginpage or setauthcookie, specifying
true for the persistent parameter that the cookie is persistent with an
expiry time of 30 minutes from now, unless you have specified a timeout
attribute in the forms element in the web.config. Quoting from msdn:
"timeout:
Optional attribute.
Specifies the time, in integer minutes, after which the cookie expires.
If the SlidingExpiration attribute is true, the timeout attribute is a
sliding value, expiring at the specified number of minutes after the
time that the last request was received. To prevent compromised
performance, and to avoid multiple browser warnings for users who have
cookie warnings turned on, the cookie is updated when more than half of
the specified time has elapsed. This might cause a loss of precision.
Persistent cookies do not time out.
The default is "30" (30 minutes)."
So if its persistent why is .net setting expiring to 30 minutes still?!
