I saw this statement on a foreigner’s blog this morning. It is worth paying attention to:
If you use FormsAuthentication in ASP.NET 2.0 and set the cookie to be persistent, its lifetime is 30 minutes by default, instead of the 50 years used in ASP.NET 1.1. Fifty years is too unsafe: the cookie would still be valid by the time your computer is sold. If you want to change the lifetime, use the timeout attribute:
<authentication mode="Forms">
  <!-- timeout is given in minutes; the element name is "forms", not "form" -->
  <forms loginUrl="login.aspx" timeout="3600" />
</authentication>
If you do not change the timeout attribute, then when you use the Login control of ASP.NET 2.0, the user still has to log in again after 30 minutes, even if "Remember me" was selected.
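Raising timeout in web.config lengthens every ticket, not only the "remember me" ones. The following added example (not from the original post) issues the ticket by hand so that only persistent logins get a longer, bounded lifetime; the class name, method name and the 14-day and 30-minute values are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper: call it after the credentials have been validated,
// instead of FormsAuthentication.SetAuthCookie / RedirectFromLoginPage.
public static class RememberMeCookie
{
    // Assumed policy for this example: persistent logins last 14 days.
    private static readonly TimeSpan PersistentLifetime = TimeSpan.FromDays(14);
    // Assumed to match the 30-minute default timeout left in web.config.
    private static readonly TimeSpan SessionLifetime = TimeSpan.FromMinutes(30);

    public static void Issue(HttpResponse response, string userName, bool rememberMe)
    {
        DateTime now = DateTime.Now;
        DateTime expires = now.Add(rememberMe ? PersistentLifetime : SessionLifetime);

        // The expiry stored inside the encrypted ticket is what the server
        // enforces; the cookie's own Expires only tells the browser how long
        // to keep it.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            2,                 // ticket version
            userName,
            now,               // issue date
            expires,           // server-side expiry
            rememberMe,        // isPersistent
            String.Empty,      // no user data
            FormsAuthentication.FormsCookiePath);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                           // keep it away from script
        cookie.Secure = FormsAuthentication.RequireSSL;   // follow the requireSSL setting
        if (rememberMe)
        {
            // Without Expires the browser drops the cookie when it closes.
            cookie.Expires = expires;
        }
        response.Cookies.Add(cookie);
    }
}
```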
http://jackyrong.cnblogs.com/archive/2006/06/09/421293.html