I've been looking at this and I think I've come up with a working solution - I've not used it in anger yet so I can't be sure that it doesn't contain any issues!
Essentially it intercepts the token after it has been created but before anything has started using it. Then replaces it with a token that contains all the underlying detail of the original but with a much longer validTo
date, as decided by the value of validForDays
void WSFederationAuthenticationModule_SessionSecurityTokenCreated(object sender, SessionSecurityTokenCreatedEventArgs e)
{
var currentToken = e.SessionToken;
var validForDays = 1;
e.SessionToken = new SessionSecurityToken(
currentToken.ClaimsPrincipal,
currentToken.Context,
currentToken.EndpointId,
DateTime.UtcNow,
DateTime.UtcNow.AddDays(validForDays));
e.SessionToken.IsPersistent = true;
}
This lives in Global.asax.cs