Differences in forms auth timeout and session timeout

Question

The session state timeout is set using this web.config element

Answer 1

as expected.

e.g. if your session times out after 20 minutes, your session-variables will be lost. but the user could access the pages which are protected by the authentication.

if the authentication times out, the user could not access the page which it protects, and the state of the session is irrelevant.