I have an ASP.NET MVC application using forms authentication. Here's the line of code where I create the auth token:
FormsAuthentication.SetAuthCookie(username, true);
My web.config file contains:
<system.web>
<machineKey validationKey="{unique key}" decryptionKey="{unique key}" validation="SHA1" decryption="AES" />
<authentication mode="Forms">
<forms loginUrl="~/account/" timeout="2880" />
</authentication>
...
</system.web>
<location path="my">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
Although the persistent cookie parameter is set to true, my users log out after a few days of inactivity.
The application is deployed to AppHarbor, but I experienced the same behavior when it was hosted on a dedicated server.
What am I missing that will cause users to log out periodically?
source
share