http://justgeeks.blogspot.my/2008/07/aspnet-session-timeouts.html
http://www.dofactory.com/topic/1747/session-timeout-vs-forms-authentication-timeout.aspx
让这2个timeout保持一致
Session timeout vs Forms Authentication timeout
另外,还有一个role manager
https://msdn.microsoft.com/en-us/library/ms164660(v=vs.100).aspx
https://msdn.microsoft.com/en-us/library/system.web.security.roles.cookietimeout(v=vs.110).aspx
<roleManager defaultProvider="SqlProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/MyApplication" cookieRequireSSL="true" cookieSlidingExpiration="true" cookieProtection="Encrypted" > <providers> <add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="SqlServices" applicationName="MyApplication" /> </providers> </roleManager>