The slidingExpiration attribute is used in ASP.Net form authentication. This property is used to reset the expiration time for a valid authentication cookie if a request that has already being made has passed the timeout interval. Which means, if it is already expires, the current user will require to re-authentication again.
What is the recommendation value for slidingExpiration?
The slidingExpiration period is only accepting true or false value. It is recommended that you use false as default value, this is a good option to improve the security of your site. It will eliminate any unused session and force your users to re-login again if their current session is not active.
How to set the slidingExpiration value?
This setting is located under your web configuration file (web.config), if you do not find this configuration section, please insert it under system.web section. See below example for more details.
<authentication mode="Forms"> <forms loginUrl="login.aspx" name="loginPage" cookieless="UseCookies" slidingExpiration="false" /> </authentication>