Our ASP.NET app, running on Windows 2000 just went live. IT uses forms based authenication.
The users are forced to re-authenicated after 20 minutes. I've change sessionstate in web.config and also the session length in Internet Information Services to 240 minutes (4 hours). After stopping and restarting the default website and doing an IISRESET at the command prompte, the users still must re-authenicate after 20 minutes.