Please give me your opinion on my authentication scheme
I have an ASP.NET 2010 app and, to be honest, I have struggled with the Membership API the whole way. Overview is pretty typical. I create the user, and then attempt to set a persistent cookie using ...
FormsAuthentication.SetAuthCookie(UserName, True)
After that, whenever a non-authenticated user hits a restricted page, they should be sent back to the login screen. Meanwhile, if a user with a persistent cookie hits a restricted page, I want to grab the cookie, and log them in automatically, as long as the cookie is not expired. Here is my Web.Config...
<authentication mode="Forms">
  <forms
    name=".ASPXAUTH"
    path="/"
    loginUrl="~/Account/Login.aspx"
    protection="All"
    timeout="129600"
    slidingExpiration="true"
    defaultUrl="~/Authenticated/User/UserHome.aspx"
  />
</authentication>
So my questions are...
- Why can't I find the ASPXAUTH cookie even though I persisted it?
- Is my plan to validate them against this cookie (the username in the cookie) in the SessionStart event a good idea?
- Why, when I click the log out, which runs FormsAuthentication.SignOut() and should kill the cookie, can I still get to an authenticated page if I type it directly into the browser?
Meanwhile, if a user with a persistent cookie hits a restricted page, I want to grab the cookie, and log them in automatically, as long as the cookie is not expired
The framework should automatically detect the cookie for you. I suspect your attempts to manually do this are causing some or all of your issues.
Could you post all of the code where you're interacting with the cookie and forms authentication?
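To see what the answer means by the framework detecting the cookie, here is an added example (not code from the question or the answer): the code-behind for a hypothetical diagnostics page, AuthStatus.aspx, assumed to sit outside the restricted folders. It reports whether the forms authentication module accepted the .ASPXAUTH cookie on the current request, and if not, what state the cookie is in.

```vbnet
' Added example; the AuthStatus page and DescribeAuthState are hypothetical names.
Imports System
Imports System.Web
Imports System.Web.Security

Partial Public Class AuthStatus
    Inherits System.Web.UI.Page

    ' Summarises how forms authentication treated the current request.
    Private Function DescribeAuthState() As String
        ' FormsAuthenticationModule runs before page code, validates the cookie
        ' and sets Context.User, so no manual login in Session_Start is needed.
        If Request.IsAuthenticated Then
            Return "Authenticated by the framework as " & User.Identity.Name
        End If

        ' Reading Request.Cookies returns Nothing when the browser sent no such cookie.
        Dim cookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then
            Return "No " & FormsAuthentication.FormsCookieName & " cookie was sent"
        End If

        Try
            Dim ticket As FormsAuthenticationTicket = FormsAuthentication.Decrypt(cookie.Value)
            If ticket Is Nothing Then
                Return "Cookie present but it could not be decrypted"
            End If
            If ticket.Expired Then
                Return "Ticket for " & ticket.Name & " expired at " &
                       ticket.Expiration.ToString("u")
            End If
            Return "Ticket is valid (persistent=" & ticket.IsPersistent.ToString() &
                   ") but the request was not authenticated"
        Catch ex As Exception
            ' Broad catch is deliberate for a diagnostic: a tampered value or one
            ' not produced by this application's keys fails to decrypt.
            Return "Cookie present but it is not a valid ticket"
        End Try
    End Function

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' HtmlEncode because the user name comes from the ticket.
        Response.Write(Server.HtmlEncode(DescribeAuthState()))
    End Sub
End Class
```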