Forms Auth premature cookie expiration

Question

Hi, I'm having trouble with a site that just went to production. For some reason, although the settings seem to be correct for a 15 minutes session timeout, users are reporting that in about 5 minutes they have to log in again.

What can I check? how can I troubleshoot this? I can't reproduce it locally, or in our QA environment. Are there IIS settings I could check? browser settings on the client?

below is my web.config entry for the authentication. Thanks!

    <authentication mode="Forms">
        <forms loginUrl="~/admin/Login" cookieless="UseCookies" requireSSL="false" timeout="15" slidingExpiration="true" name="{C8226EAB-2423-45ce-8A1D-3BC227F1BEE9}"/>
    </authentication>

Answer 1

Well I think that you need also to set the settings of domain name. Do not set www.yourdomain.com, because this way if a user get on yourdomain.com is get diferent cookie.

Set it to root name with our the www: yourdomain.com

<authentication mode="Forms">
  <forms 
  path="/" 
  domain="yourdoman.com"  // <- maybe this key is the reason
  />
</authentication>

Answer 2

Make suer the session is set to at least 15 minutes as well in IIS Manager.