First, this is all of the code-behind; it uses Forms authentication.
protected void Page_Load(object sender, EventArgs e)
    {
        if (User.Identity.IsAuthenticated)
            Response.Redirect("admin/Default.aspx");
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string UserName = TextBox1.Text;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, UserName, DateTime.Now, DateTime.MaxValue, true, "", FormsAuthentication.FormsCookiePath);
        string encTicket = FormsAuthentication.Encrypt(ticket);
        Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
        Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName, true));
    }
Configuration file
<authentication mode="Forms">
<forms name="aspnet" loginUrl="Login.aspx" defaultUrl="admin/AdminDefault.aspx" timeout="30"></forms>
</authentication>
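The timeout is 30 minutes.
But isPersistent on the FormsAuthenticationTicket is already true. That means the expiry should follow DateTime.MaxValue. Yet when I looked through the cookies, it says the cookie expires when the session ends. How can that be..
Also.. before this I was using FormsAuthentication.RedirectFromLoginPage(strUserName, Ckbset.Checked);
Does true for the second parameter of RedirectFromLoginPage mean permanent, or 50 years? Why, when it is true, does it only follow the 30 minutes in the configuration file? With false it is even worse: the cookie again expires as soon as the session ends. Help~~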

Solutions »

  1.   


    private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
    {
        Initialize();
        if (userName == null)
        {
            userName = string.Empty;
        }
        if ((strCookiePath == null) || (strCookiePath.Length < 1))
        {
            strCookiePath = FormsCookiePath;
        }
        DateTime utcNow = DateTime.UtcNow;
        DateTime expirationUtc = utcNow.AddMinutes((double) _Timeout);
        FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
        string str = Encrypt(ticket, hexEncodedTicket);
        if ((str == null) || (str.Length < 1))
        {
            throw new HttpException(SR.GetString("Unable_to_encrypt_cookie_ticket"));
        }
        HttpCookie cookie = new HttpCookie(FormsCookieName, str) {
            HttpOnly = true,
            Path = strCookiePath,
            Secure = _RequireSSL
        };
        if (_CookieDomain != null)
        {
            cookie.Domain = _CookieDomain;
        }
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        return cookie;
    }
    The above is the .NET source code as shown by Reflector; one look and it is clear!
      

  2.   


    private static HttpCookie GetAuthCookie(string userName, bool createPersistentCookie, string strCookiePath, bool hexEncodedTicket)
    {
        Initialize();
        if (userName == null)
        {
            userName = string.Empty;
        }
        if ((strCookiePath == null) || (strCookiePath.Length < 1))
        {
            strCookiePath = FormsCookiePath;
        }
        DateTime utcNow = DateTime.UtcNow;
        DateTime expirationUtc = utcNow.AddMinutes((double) _Timeout);
        FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
        string str = Encrypt(ticket, hexEncodedTicket);
        if ((str == null) || (str.Length < 1))
        {
            throw new HttpException(SR.GetString("Unable_to_encrypt_cookie_ticket"));
        }
        HttpCookie cookie = new HttpCookie(FormsCookieName, str) {
            HttpOnly = true,
            Path = strCookiePath,
            Secure = _RequireSSL
        };
        if (_CookieDomain != null)
        {
            cookie.Domain = _CookieDomain;
        }
        if (ticket.IsPersistent)
        {
            cookie.Expires = ticket.Expiration;
        }
        return cookie;
    }
    The above is the .NET source code; one look and it is clear. Look at these lines:
    DateTime expirationUtc = utcNow.AddMinutes((double) _Timeout);
    FormsAuthenticationTicket ticket = FormsAuthenticationTicket.FromUtc(2, userName, utcNow, expirationUtc, createPersistentCookie, string.Empty, strCookiePath);
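    Although you set the ticket to MaxValue, what ends up being used is still the time set by Timeout.
    This only shows that Microsoft's stuff is not well made: the concepts are muddled and ambiguous!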
      

  3.   

    Sorry, I got that wrong. The problem is in this line of yours: Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,encTicket));
    You did not set expires on the HttpCookie, so by default it is a session cookie!
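
The fix described in answer 3, combined with the cookie settings visible in the decompiled GetAuthCookie above, as an added example that is not part of the original thread. The helper name AuthCookieHelper, its parameters and the 14-day lifetime in the usage comment are assumptions, and the caller is assumed to have verified the user's credentials first.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example; AuthCookieHelper and its parameters are hypothetical names.
public static class AuthCookieHelper
{
    // Call only after the user's credentials have been verified.
    public static HttpCookie BuildAuthCookie(string userName, bool persistent,
                                             TimeSpan persistentLifetime)
    {
        DateTime issued = DateTime.Now;
        // Persistent logins get a bounded lifetime chosen by the caller instead of
        // DateTime.MaxValue; non-persistent ones use the <forms timeout="..."> value.
        DateTime expires = issued.Add(
            persistent ? persistentLifetime : FormsAuthentication.Timeout);

        var ticket = new FormsAuthenticationTicket(
            1, userName, issued, expires, persistent, string.Empty,
            FormsAuthentication.FormsCookiePath);

        string encrypted = FormsAuthentication.Encrypt(ticket);
        if (string.IsNullOrEmpty(encrypted))
            throw new HttpException("Unable to encrypt the authentication ticket.");

        // Mirror the flags the framework sets in its own GetAuthCookie.
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted)
        {
            HttpOnly = true,
            Path = FormsAuthentication.FormsCookiePath,
            Secure = FormsAuthentication.RequireSSL
        };
        if (FormsAuthentication.CookieDomain != null)
            cookie.Domain = FormsAuthentication.CookieDomain;

        // Without Expires the browser keeps the cookie only for the session,
        // whatever expiration the encrypted ticket carries.
        if (ticket.IsPersistent)
            cookie.Expires = ticket.Expiration;
        return cookie;
    }
}

// Usage inside the login handler (14 days is an assumed lifetime):
//   Response.Cookies.Add(
//       AuthCookieHelper.BuildAuthCookie(UserName, true, TimeSpan.FromDays(14)));
```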