Session timeout vs Form Authentication timeout

What is the difference between a abandon Session and a cookie timeout, what if the session is abandon and the c开发者_如何学JAVAookie is still alive, is that can lead to a problem?

<sessionState timeout="1" />

<authentication mode="Forms">
      <forms loginUrl="login.aspx" timeout="1" />
</authentication>

Thanks

I don't believe that leads to a problem. Session timeout is specific to the session state mechanism, but for forms, the timeout is specific to the cookie that retains the user's credentials.

In an app of mine, the user is still logged in as the session times out, but once the auth cookie times out, the user has to log in again.

HTH.