sessions expire after 20 minutes (not really but they are supposed to be default). The trouble is the asp.net session is not reliable, infact session end events do not even fire right as a session ends, they fire after the session but not immediatly. I would actually suggest against using the session for anything where you need the time to be precise. I would use a cookie. Plus you can really make a cookie last for as long as you want, its a good way to store a login.