I have an ASP.NET website that uses forms authentication. There are a few things I keep in sessions like username, userID, email, etc.
I allow the user to stay logge
Personally, I would keep the 20 minute default and add a "keep alive" functionality to your site. Make a simple JavaScript that polls, say heartbeat.aspx, every 5 minutes to keep the session alive. This will extend the session and authentication without keeping crazy authentication tokens.
There are a few examples (bad in my opinion) of how to do this. I ended up using something based on AjaxLines's session timeout prevention. Instead of using the Ajax library, though, I simply used an xhtml request directly. Nothing is really needed more than a timed JavaScript call to a GET on the heartbeat page.
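
The heartbeat poller described in this answer, as an added example that is not part of the original post. It goes beyond a bare timer by pinging only while the user has been active and by stopping once the server redirects to the login page; the idle limit, the event list, the redirect check and all function names are assumptions.

```javascript
// Added example, not code from the original post. Names are hypothetical.
const PING_EVERY_MS = 5 * 60 * 1000;   // every 5 minutes, as the answer suggests
const IDLE_LIMIT_MS = 20 * 60 * 1000;  // assumption: mirrors the 20 minute timeout

// Ping only while the user interacted recently, so an abandoned
// tab cannot hold the session open indefinitely.
function shouldPing(nowMs, lastActivityMs, idleLimitMs = IDLE_LIMIT_MS) {
  return nowMs - lastActivityMs < idleLimitMs;
}

// Assumption: an expired forms-authentication session answers the GET with
// a redirect to the login page, which fetch follows and flags as redirected.
function sessionLooksAlive(res) {
  return res.ok && !res.redirected;
}

function createHeartbeat({ url, fetchFn, now = Date.now, onExpired = () => {} }) {
  let lastActivity = now();
  let stopped = false;
  return {
    touch() { lastActivity = now(); },          // call on user activity
    async tick() {
      if (stopped) return "stopped";
      if (!shouldPing(now(), lastActivity)) return "idle";  // let it expire
      try {
        const res = await fetchFn(url, {
          method: "GET", cache: "no-store", credentials: "same-origin" });
        if (sessionLooksAlive(res)) return "alive";
        stopped = true;                          // stop polling a dead session
        onExpired();
        return "expired";
      } catch {
        return "network-error";                  // transient; retry next tick
      }
    },
  };
}

// Browser wiring; skipped when run outside a browser.
if (typeof document !== "undefined") {
  const hb = createHeartbeat({ url: "heartbeat.aspx", fetchFn: (u, o) => fetch(u, o) });
  for (const ev of ["click", "keydown", "scroll"]) {
    document.addEventListener(ev, hb.touch, { passive: true });
  }
  setInterval(() => hb.tick(), PING_EVERY_MS);
}
```

The heartbeat page itself must sit behind the same authentication as the rest of the site and be served uncached, otherwise the GET never reaches the session.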