I am having a really bad issue where no matter what I try, the user is being logged off after 10 minutes.

I am using ASP.Net 2.0 running on IIS 6.0 on Server 2003 R2 Standard Edition running as a Virtual Server with all applicable updates and .Net 3.5 SP1.

The client is Internet Explorer 7.0

Below are the web.config settings:

<!-- Authentication Mode --> <authentication mode='Forms'>   <forms name='.RecipeViewer' timeout='240' /> </authentication> 

Below is the code used to set the authorization cookie:

Private Sub SetCookie(userName)                 ' Use security system to set the UserID within a client-side Cookie                 Dim ticket As New FormsAuthenticationTicket(1,userName, DateTime.Now, DateTime.Now.Add(Me.GetFormsAuthSettings.Forms.Timeout), True, String.Empty, FormsAuthentication.FormsCookiePath)                 Dim hash As String = FormsAuthentication.Encrypt(ticket)                 Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)                  cookie.HttpOnly = True                  If (ticket.IsPersistent) Then                     cookie.Expires = ticket.Expiration                 End If                  Response.Cookies.Add(cookie)                  ' Redirect browser back to originating page                 Response.Redirect(Request.ApplicationPath) End Sub      Private Function GetFormsAuthSettings() As System.Web.Configuration.AuthenticationSection         Return DirectCast(System.Configuration.ConfigurationManager.GetSection('system.web/authentication'), System.Web.Configuration.AuthenticationSection)     End Function 

I was previously using the FormsAuthentication.SetAuthCookie as well as even trying the FormsAuthentication.RedirectFromLoginPage methods, but these both had the same result, which is why I ended up doing the hard cookie implementation that is done internally (via viewing in Reflector) that the FormsAuthentication class does.

The issue is NOT reproduceable in the Visual Studio 2008 asp.net hosting environment or in IIS 7.0.

EDIT: Cookies are enabled, even the hosted site has been added as a trusted site.

EDIT: Google Chrome and Firefox do not have this issue.

EDIT: Verified Cookie on target machine is set to expire after 4 hours as per the setting (timeout = 240 minutes).

EDIT: As House says, everyone lies. User did not actually test the new code base and was going on a pre-conceived notion that the software was still broken. Thank you to everyone who replied in this topic.

Not closing this for no longer relevant, but keeping it around to help people troubleshoot the issue as there are some really good troubleshooting techniques in this question.