I am using Forms authentication in my ASP.NET 4.0 application (upgraded from .NET 1.1). I explicitly create the FormsAuthenticationTicket object, then encrypt it (using a FormsAuthentication method), and send it in a cookie to the client. I use FormsAuthentication.RenewTicketIfExpired() to set the sliding expiration of the authentication cookie.
Using Fiddler, I am able to see a new session cookie being issued halfway through the FormsAuthenticationTicket timeout.
If the Forms authentication timeout = 2 min and the session timeout = 20 min,
i.e.
hh:mm:ss
10:00:00 user logs in
10:01:10 postback occurs
Then a new session is re-created and the user gets logged out. But I set the session to time out every 20 minutes. I tried different Forms authentication timeout values and a new session is always created halfway through the timeout.
I need to set the Forms authentication timeout to a very big value to prevent this from happening.
There was no such problem before the upgrade from .NET 1.1.
Does anybody know why? Is this a bug in how ASP.NET 4.0 deals with sliding expiration?
Your site could be recycling. This may happen for a couple of reasons. One that recently caught me was when the site directory structure changed (e.g. adding a folder).
Since you know where it is happening, just make sure that you are not causing any recycling.
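
Added example (not from either post): a stand-alone C# model of the documented sliding-expiration rule, under which the forms-authentication ticket is reissued once more than half of its timeout has elapsed, run over the 2-minute timeout and the 10:01:10 postback from the question. The `Ticket` type, the `RenewIfOld` helper and the extra request times are constructed for illustration and are not the framework's own code.

```csharp
using System;

// Hypothetical stand-in for a forms-authentication ticket (illustration only).
public sealed class Ticket
{
    public DateTime Issued { get; }
    public DateTime Expires { get; }
    public Ticket(DateTime issued, DateTime expires) { Issued = issued; Expires = expires; }
    public bool IsExpiredAt(DateTime now) => now >= Expires;
}

public static class SlidingExpirationDemo
{
    // Keeps the ticket while less than half of its lifetime has elapsed;
    // otherwise issues a new ticket with the full lifetime counted from 'now'.
    public static Ticket RenewIfOld(Ticket old, DateTime now)
    {
        TimeSpan age = now - old.Issued;
        TimeSpan remaining = old.Expires - now;
        if (remaining > age) return old;              // still in the first half
        return new Ticket(now, now + (old.Expires - old.Issued));
    }

    public static void Main()
    {
        TimeSpan timeout = TimeSpan.FromMinutes(2);       // timeout from the question
        DateTime login = DateTime.Today.AddHours(10);     // 10:00:00 user logs in
        var ticket = new Ticket(login, login + timeout);

        // Constructed request offsets in seconds; 70 is the 10:01:10 postback.
        foreach (int offset in new[] { 30, 70, 150, 300 })
        {
            DateTime now = login.AddSeconds(offset);
            if (ticket.IsExpiredAt(now))
            {
                // An expired ticket is rejected, never renewed.
                Console.WriteLine($"{now:HH:mm:ss} ticket expired at {ticket.Expires:HH:mm:ss}, login required");
                break;
            }
            Ticket next = RenewIfOld(ticket, now);
            string action = ReferenceEquals(next, ticket) ? "kept" : "reissued (new cookie sent)";
            Console.WriteLine($"{now:HH:mm:ss} ticket {action}, expires {next.Expires:HH:mm:ss}");
            ticket = next;
        }
    }
}
```

A reissued authentication cookie seen in a proxy trace at the halfway point is therefore expected; it is a separate cookie from the ASP.NET session cookie, whose lifetime is governed by the session timeout.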