However, if you've got some pages on your web application that should be viewable by the user without the authentication ticket being renewed (such as a ticker to display new messages within an IFrame), you can disable slidingExpiration by making the following change in the web.config file:
You then have to programatically perform sliding expiration within your code, which can be done with the following code snippet posted at:
// Acquire Auth Ticket from the FormsIdentity object
FormsAuthenticationTicket objOrigTicket = ((FormsIdentity)Context.User.Identity).Ticket;
// Manually slide the expiration
FormsAuthenticationTicket objNewTicket = FormsAuthentication.RenewTicketIfOld(objOrigTicket);
if (objNewTicket.Expiration > objOrigTicket.Expiration)
// Create the (encrypted) cookie.
HttpCookie objCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(objNewTicket));
// Add the cookie to the list for outbound response.
// Update original
objOrigTicket = objNewTicket;
In the code snippet above, you would have to change the condition within the IF statement that checks Request.Url to exclude the pages for which you do not want slidingExpiration to occur. The example above excludes all requests to ASP.NET Generic Handlers (files ending in .ashx).