Set Form Authentication Cookies Expired Time


I read through the following answer and I think it should work, but where, and in which part, should I put this comment?

HttpCookie authCookie = FormsAuthentication.GetAuthCookie(username, isPersistent);
if (!isPersistent)
{
    //this is because if it was not set then it got 
    //automatically set to expire next year even if 
    //the cookie was not set as persistent
    authCookie.Expires = DateTime.Now.AddMinutes(15);
}

Response.Cookies.Add(authCookie); 

Is it in the global.asax or Controller itself?

Below is my code.

From Controller View:

    [HttpPost]
    public ActionResult Login(User user, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var username = user.Username;
            var getPassword = (from item in db.User
                               where item.Username == username 
                               select new UserModel()
                               {
                                   Password = item.Password
                               }
                            ).SingleOrDefault();

            if (getPassword != null)
            {
                var hashingPass = Models.PasswordHash.ValidatePassword(user.Password, getPassword.Password);
                var getAdmin = (from item in db.User
                                where item.Username == username && hashingPass == true
                                select new UserModel()
                                {
                                    UserId = item.UserId
                                }
                                ).ToList();
                if (getAdmin.Count.Equals(1))
                {
                    FormsAuthentication.SetAuthCookie(username, false);
                    if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                    {
                        return Redirect(returnUrl);
                    }
                    else
                    {
                        return RedirectToAction("Index");
                    }
                }
                else
                {
                    ModelState.AddModelError("", "The username or password provided is incorrect.");
                }
            }
            else
            {
                ModelState.AddModelError("", "The username or password provided is incorrect.");
            }
        }
        return View(user);
    }

From HTML View:

@using (Html.BeginForm())
{
    @Html.ValidationSummary(true)
    <form role="form">
        <fieldset>
            <div class="form-group">
                <label for="Username">Username</label>
                <input class="form-control" placeholder="Enter Username" name="Username" id="Username" type="text" autofocus oninput="setCustomValidity('')" required/>
            </div>
            <div class="form-group">
                <label for="Password">Password</label>
                <input class="form-control" placeholder="Enter Password" name="Password" id="Password" type="password" value="" oninput="setCustomValidity('')" required>
            </div>
            <button type="submit" style="background-color:#f7aa52; border:1px solid #f78952; color:#fff;" class="btn btn-lg btn-block">Login</button>
        </fieldset>
    </form>
}

There is 1 best solution below

It's at the controller level.

You may also specify the cookie expiry in web.config under:

<system.web>
  <authentication mode="Forms">
    <forms timeout="50000000" slidingExpiration="true"/>
  </authentication>
</system.web>
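
As an added example, not part of the answer above: a controller-level helper that puts the expiry inside the forms authentication ticket itself, because the server validates the ticket's expiry while the cookie's `Expires` only controls how long the browser keeps the cookie. The class name `AuthCookieIssuer` is hypothetical, and the 15-minute value in the usage comment is taken from the snippet in the question.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (name is an assumption, not from the page).
// Usage inside the Login action, in place of FormsAuthentication.SetAuthCookie(username, false):
//     AuthCookieIssuer.Issue(Response, username, false, TimeSpan.FromMinutes(15));
public static class AuthCookieIssuer
{
    public static void Issue(HttpResponseBase response, string username,
                             bool isPersistent, TimeSpan lifetime)
    {
        DateTime now = DateTime.Now;

        // The expiry the server enforces lives inside the encrypted ticket.
        var ticket = new FormsAuthenticationTicket(
            1,                                    // ticket version
            username,
            now,                                  // issue date
            now.Add(lifetime),                    // server-side expiry
            isPersistent,
            string.Empty,                         // no user data
            FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                          // not readable from script
            Secure = FormsAuthentication.RequireSSL,  // follows <forms requireSSL="...">
            Path = FormsAuthentication.FormsCookiePath
        };

        // Cookie.Expires only tells the browser how long to keep the cookie.
        // Leave it unset for a session cookie; match the ticket when persistent.
        if (isPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }

        response.Cookies.Add(cookie);
    }
}
```

The `timeout` attribute in web.config is expressed in minutes and sets the ticket lifetime used by `SetAuthCookie` and `GetAuthCookie`; a ticket built as above carries the expiry passed in `lifetime` instead.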