Asp.net forms authentication cookie not honoring timeout with IIS7

Question

Authentication cookies seem to timeout after a short period of time (a day or so). I am using Forms Authentication and have the timeout=\"10080\" with slidingExpiration=\"fa

Answer 1

The authentication cookie is encrypted using the machineKey value from the local web.config or the global machine.config. If no such key is explicitly set, a key will be automatically generated, but it is not persisted to disk – hence, it will change whenever the application is restarted or "recycled" due to inactivity, and a new key will be created on the next hit.

Resolving the problem is as easy as adding a configuration section to web.config, or possibly (preferably?) to the machine.config on the server (untested):

  ...
  
  ...

Google generate random machinekey for sites that can generate this section for you. If your application deals with confidential information, you might want to create the keys yourself, though.