In the Web.Config we have a timeout property. Ex:

<authentication mode="Forms">
  <forms loginUrl="~/Login.aspx" timeout="2880"/>
</authentication>

When logging in, we can specify a ticket expiry date. Ex:

FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                     1, id.ToString(), DateTime.Now, expiryDate, true,
                     securityToken, FormsAuthentication.FormsCookiePath);

Why are there two places where I can set expiration info about forms authentication? What's the difference between them? Which has more relevance?

+1  A: 

The timeout in web.config is a session-level timeout. E.g. if the user is inactive for 30 mins (default) then he or she will be prompted to log in again.

The expiryDate in FormsAuthenticationTicket is the expiry date for the cookie if you use "remember me" feature.

Mart
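
The following added example, which is not code from the question or the answer, issues the ticket by hand as the question's snippet does and shows where each value ends up: the Web.config timeout is read through FormsAuthentication.Timeout and passed as the ticket expiration, and the cookie's Expires is set only for a persistent ticket. The class name, method name and the rememberMe parameter are assumptions, and FormsAuthentication.Timeout assumes .NET Framework 4.0 or later.

```csharp
using System;
using System.Web;
using System.Web.Security;

public static class LoginTicketExample
{
    // Hypothetical helper: issues the forms-authentication cookie by hand
    // for a user whose credentials have already been verified.
    public static void IssueTicket(HttpResponseBase response, string userName,
                                   string userData, bool rememberMe)
    {
        DateTime issued = DateTime.Now;

        // FormsAuthentication.Timeout is the <forms timeout="..."> value from
        // Web.config. A hand-built ticket does not pick it up automatically;
        // it carries whatever expiration is passed to the constructor.
        DateTime expires = issued.Add(FormsAuthentication.Timeout);

        var ticket = new FormsAuthenticationTicket(
            1, userName, issued, expires, rememberMe,
            userData, FormsAuthentication.FormsCookiePath);

        // The ticket travels encrypted inside the cookie value.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // follows <forms requireSSL>
            Path = FormsAuthentication.FormsCookiePath
        };

        // Persistent ("remember me") cookie: the browser keeps it until the
        // ticket itself expires. Without Expires it is a browser-session cookie.
        if (rememberMe)
        {
            cookie.Expires = ticket.Expiration;
        }

        response.Cookies.Add(cookie);
    }
}
```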