figuring out why asp.net authentication ticket is expiring

Question

I need help figuring out why my authentication ticket is expiring after about an hour on my hosted website. But if I run the site locally the authentication ticket stays alive for the correct amount of time.

This is my localhost web.config:

<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpiration="true" path="/" />
</authentication>

and this is my hosted web.config:

<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpiration="true" domain=".mywebsite.com" path="/" />
</authentication>

I know the authentication ticket is being created because:

• I can see it in the browser cookies
• I stay logged in even after closing the browser and reopening
• I stay logged in even after website recycles (changing and saving web.config to recycle it)

When I check the cookie expiration date in the browser it's 2 weeks later. However, after about an hour my authentication always expires.

What can I do to figure out why the hosted website's authentication is expiring so early? I don't know how to go about resolving this problem since it's my hosted website that is the only one having problems.

Update 1: After waiting 1 hour, I check my browser and I see the cookie still exists. In fact it's expiration date is set for 2 weeks later. But if I reload the page or try going to any pages that requires authentication I am taken to the login page.

Answer 1

I added a machinekey entry in system.net. Something like this:

    <machineKey validationKey="aaa"
    decryptionKey="bbb" validation="SHA1" />

and now it keeps the user logged in. However, now it seems like I am having performance issues. The page used to take roughly 500ms to load now takes about double that time.