What are you doing the other code branch? It looks like you're only handling the case where bypassSlidingExpiration
is false. If bypassSlidingExpiration
is true, then you're taking the default value (30 minutes, or whatever's specified in the web.config or programmatically).
You could consider using FormsAuthentication.SetAuthCookie(username, true)
to bypass the sliding expiration. The second parameter is whether the cookie should be persistent. It's probably best to avoid manipulating the cookie manually. If you for some reason you must, something like this might work:
if (bypassSlidingExpiration)
{
var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
authCookie.Expires = DateTime.MaxValue;
Response.Cookies.Add(authCookie);
}