Hey All.

Currently, I have a login page that creates an encrypted
Authentication Cookie (using FormsAuthenticationTicket).

This happens after the user has been successfully
authenticated by matching credentials in SQL Server
tables (not using Windows Authentication... just matching
login name and password to their user record within a
table in SQL Server).

I set the authticket to expire 20 minutes after it's been
created, and it uses the
FormsAuthentication.FormsCookieName to grab the cookie
name from web.config.

Now, I also have my session state (mode="InProc") timeout
set to 20 minutes in the web.config file...

This USED to work before for me, but now when the user
times out, it will NOT redirect to the login URL
specified in the web.config file (under the
authentication element)

here's a snapshot of my web.config file:

<authentication mode="Forms">
<forms
loginUrl="Insecure/Session_Expired_Redirect.aspx"
name="sqlAuthCookie" timeout="20" path="/"></forms>
</authentication>

Even if I set my session timeout to something earlier
(like 10 minutes), and put code in Session_End in the
Global.asax file to force a FormsAuthentication.SignOut
(), it STILL won't redirect to the loginURL specified in
the web.config.

Does anyone have any suggestions how I can
properly 'synchronize' Forms Auth and Session State in
this web app? (If you need more info let me know)