If I have an ASPXAUTH cookie set as a session cookie, timeout 10 minutes, but no asp.net_sessionID cookie, will the user timeout in a) ten minutes from login b) ten minutes from their last request to the server
Will this behaviour change if I also send an asp.net_sessionID cookie?
This is for a JSON service built on a Sitecore backend providing content for a native iPad app.
The aspxauth cookie timeout is from the time the last request was received.
Timeout
Specifies the time, in integer minutes, after which the cookie expires. If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time that the last request was received.
See the msdn link for details
The ASP.NET_SessionId cookie is used to track session state, its unrelated to the ASPXAUTH cookie which is purley for authentication purposes.
