Recently while implementing forms authentication for a WCF RIA Services application I ran into some trouble setting the expiration of the cookie that kept the user logged in. In the web config I had set the forms timeout to 120 minutes like so:

 1:  <authentication  mode="Forms">

 2:  <forms  name=".App_ASPXAUTH"  timeout="120"  slidingExpiration="true"  />

 3:  </authentication>

This worked just fine. After 120 minutes of the browser being open without Silverlight making a request to the server, the authentication had timed-out and I needed to log in again. Once I had that working correctly ...

Few things are more disappointing to an ASP.NET programmer than this one line of code in a web.config:

You probably know what I mean if you’ve ever been asked to implement user sessions for a web site that has ASP.NET’s built-in session state disabled.  In this post I will offer one simple alternative that allows you to implement user sessions on just such a web site.

Cookies Taste Better In-Memory

The secret to my solution is HTTP cookies.  In my experience, programmers are increasingly afraid to create sites that require cookies because ...