ASP.NET 2.0 Web.Config are much different then 1.0/1.1. I’ll be keeping a running log of the changes I have found, watch outs, and a general lessons learned.
slidingExpiration – I’ve never heard of the thing in 1.1, but it was there the whole time. It is a boolean that tells an authetication cookie to refresh the timeout time on every new request. This makes sense, in fact I’m not entirely sure why you would want it different. In ASP.NET 1.1 this was defaulted as TRUE, however in 2.0 it is default as FALSE. Now I know why everyone was being logged out of the application at 5:00 pm everyday.
<forms loginUrl=“Login.aspx“ name=“.ADAuthCookie“ timeout=“480“ slidingExpiration=“true“/>