Say you have a Sharepoint Site you want to make available in the internet.
You implement the custom authentication provider as specified on theTechnet Site : Configure forms-based authentication (Office SharePoint Server)
Check everything and it all works fine except…. the authentication timeout. Where do you use it, you ask? Well, lets assume for a moment that you have a survey you want to make public, and the time required to complete this survey is greater than 30 minutes (the default session expiration time).What you will have after a couple users will try to answer this survey, will be a long list of complaints in your inbox from the users triying to answer the survey and getting redirected to the login page once the session expired.
Naturally you would presume that there is a setting that will attend this minor thing, the session expiration setting so you go and check your Web Application General Settings and set the time in Web Page Security Validation section to 90 minutes.
After another 30 minutes and a couple more new complaints you decide to set the pages to expire … NEVER.
But the complaints keep comming and the boss starts puffing.What can you do ?
Well, rember that you customized the web application, so when implementing the Forms Based Authentication mechanism you also instructed the site to disregard the default sharepoint session management process, you just need to configure that too by modifying the web.config file for the respective web application.
loginUrl=”url”—————————- This was configured when you configured FBA
timeout=”30″ ————————— This is the default expiration (set it here at your convenience)
910443 Understanding the Forms Authentication Ticket and Cookie