
I have an issue with the heuristic adopted by Thinktecture's sliding session and discovered that Microsoft implements the same algorithm in forms authentication with sliding sessions. They update the session cookie only if half of the expiration time has passed.

I know that renewal of the session cookie is not free, but I could not find any place that explains how costly it is.

Imagine a scenario where the system admin can configure the expiration timeout due to inactivity and he configures the timeout to 20 minutes. A user logs on to the system at 10:00 and at 10:09 he makes a request; the sys admin expects the session to expire at 10:29, but what will happen is that the user will be redirected to the login page at 10:20.

I could simply remove this algorithm, but first I need to understand what the consequences are. Could a lot of page callbacks be a problem? Has anyone dealt with this scenario? I need timings that are accurate.

cvbarros
Iuri

0 Answers
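The scenario in the question, as an added example that is not part of the original post and is not Thinktecture's or Microsoft's code: a small Python model of a sliding-expiration ticket that replays request times and reports the resulting expiry, the number of cookie reissues, and the first rejected request. The `renew_fraction` parameter, the helper names, the 10:25 request and the one-request-per-minute trace are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def replay(login, requests, timeout, renew_fraction):
    """Replay request times against a sliding-expiration ticket (model only).

    renew_fraction=0.5 models the half-of-timeout heuristic from the question;
    renew_fraction=0.0 reissues the cookie on every authenticated request.
    Returns (expiry, reissue_count, first_rejected_request_or_None).
    """
    issued, expires = login, login + timeout
    reissues, rejected_at = 0, None
    for t in sorted(requests):
        if t >= expires:
            rejected_at = t          # ticket expired: redirect to login
            break
        if t - issued >= timeout * renew_fraction:
            issued, expires = t, t + timeout   # new ticket, new Set-Cookie
            reissues += 1
    return expires, reissues, rejected_at

def at(hhmm):
    """Constructed helper: a time of day on an arbitrary fixed date."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

TIMEOUT = timedelta(minutes=20)
LOGIN = at("10:00")
# Request at 10:09 is from the question; 10:25 is constructed to probe expiry.
QUESTION = [at("10:09"), at("10:25")]
# Constructed busy trace: one request per minute for an hour.
BUSY = [LOGIN + timedelta(minutes=m) for m in range(1, 61)]

if __name__ == "__main__":
    for label, frac in (("half-timeout", 0.5), ("every request", 0.0)):
        exp, n, rej = replay(LOGIN, QUESTION, TIMEOUT, frac)
        print(f"{label:14} question trace: expires {exp:%H:%M}, "
              f"reissues {n}, rejected at {rej and rej.strftime('%H:%M')}")
        exp, n, rej = replay(LOGIN, BUSY, TIMEOUT, frac)
        print(f"{label:14} busy trace:     expires {exp:%H:%M}, reissues {n}")
```

With the threshold at half the timeout, the effective idle window in this model ranges from half the configured timeout up to the full timeout, in exchange for fewer reissued cookies (6 versus 60 on the busy trace).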