Why won't my forms authentication stay logged in?

Question

I'm using forms authentication on my mvc project, and it seems that no matter what I do. You can only stay logged in for one day then it requires you to log in again.

In my web.config, I set the timeout to a week in minutes.

<authentication mode="Forms">
  <forms loginUrl="~/Account/Login" timeout="10080" defaultUrl="/kpi" slidingExpiration="true" />
</authentication>

And here is where I'm setting the cookie.

var cookie = FormsAuthentication.GetAuthCookie(account.UserName, account.RememberMe);
if (account.RememberMe)
    cookie.Expires = DateTime.Now.AddDays(7);
Response.Cookies.Add(cookie);
var returnURL = FormsAuthentication.GetRedirectUrl(account.UserName, account.RememberMe);
var hashData = Request.Form["HashHidden"];

Answer 1

Everytime IIS recycles the app, a new machine key is generated. Your auth ticket is signed using that machine key, so when a new one is generated, the auth ticket is no longer recognized. You need to set a static machine key in your web.config.

http://aspnetresources.com/tools/machineKey

Answer 2

You need to set the AuthCookie with FormsAuthentication.SetAuthCookie(username, persistent) See http://msdn.microsoft.com/en-us/library/twk5762b(v=vs.110).aspx

And set the proper timeout in your web.config

  <system.web>
     <authentication mode="Forms">
             <forms timeout="10080" slidingExpiration="true"/>
     </authentication>
  </system.web>