03 September 2012 by Web Bureau
I previously posted on the Session State Cookie Timeout setting – see http://www.thewebbureau.com/tech_blog/post/Application-Timeout-Issue-IIS-75.aspx
There is also a setting in the Application Pool you should be aware of.
If you go to the Advanced Settings of the Application Pool under Process Model there is a setting Idle Time-out (minutes). By default this is set to 5 which means it basically clears the forms authentication cookie if there hasn't been any activity for longer than 5 minutes. If you change this to whatever time period you want the cookie to stay active.
Configure forms authentication not to expire when app pool recycled
It appears the forms authentication ticket is encrypted by the machine key. When the App Pool restarts after the idle time it creates a new machine key so the ticket becomes invalid. The solution is to set a static machine key in the web config - http://tipila.com/tips/91/configure-forms-authentication-not-to-expire-when-app-pool-recycled
You would use this if you were wanting to allow someone to log in for a long period of time and I think it would come into play if you used a tickbox to say keep me logged in and set the forms authentication to persistent.