I discovered an interesting problem today.
I have a site that relies on Session State to store a couple of small bits of information and uses Forms Authentication. I was getting errors (Not an instance of an Object) in places I thought was impossible. It seemed that the Session was invalid in places where it should not be.
Turns out that I had used the default Forms Login timeout that VS.NET provided (30 minutes) and the person who set up the Web server (or perhaps this is a default) set the session timeout in IIS to 15 minutes. I had assumed that both were set to 20 minutes as a default. This seems to have been the cause of this sporadic problem (which cropped up only when people were logged in and did nothing for between 16 and 29 minutes).
Has anyone else run into such a problem, or am I just missing something?