The change in FormsAuth I never knew about

Obviously I missed the boat somewhere along the line. I realized today that I've never used FormsAuthentication in an ASP.NET v2.0 application before. As it turns out, it doesn't work the same as it used to.

Back in the old days of v1.x, you could call FormsAuthentication.SetAuthCookie(name, persist), then change its expiration date and make it last for a year. Just to make sure I wasn't crazy, I checked some of my old and yellowing v1.x books to make sure that this is what you did. I hope I didn't write that into my book, because the persistence part doesn't work anymore, or rather, doesn't work the same.

Sure, the cookie will be there, but the plumbing will consider it invalid once the session times out. As Scott mentions in a link from the comments, you can change the timeout, but this isn't exactly what I was going for since it creates a sliding expiration. I wanted a finite ending in 30 days.

This article on MSDN describes what you should do. I'm a little annoyed that this change happened without changing the interface, or rather adding a different one for the current behavior. Having some arbitrary sliding timeout is weird to me, and having a "persist cookie" value in SetAuthCookie implies that it's going to stick around until you tell it otherwise.

Of course, maybe I just feel really silly for not having been exposed to the change ages ago. 
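For a fixed 30-day lifetime of the kind described above, the expiration has to live in the ticket itself, not only on the cookie. The following is an added example, not code from the original post or the MSDN article; the class and method names are hypothetical, and it assumes sliding expiration is turned off in web.config.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (name is an assumption, not from the post).
public static class FixedLifetimeLogin
{
    // Assumption: web.config has <forms slidingExpiration="false" ... />.
    // With sliding expiration on, the forms-auth module reissues the ticket
    // with a later expiry as requests arrive, so the end date would move.
    public static void SignIn(HttpResponse response, string userName)
    {
        DateTime issued = DateTime.Now;
        DateTime expires = issued.AddDays(30); // the fixed ending the post asks for

        // The runtime validates the expiration stored inside the encrypted
        // ticket; the cookie's own Expires value is not what it trusts.
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                                  // ticket version
            userName,
            issued,
            expires,
            true,                               // isPersistent
            String.Empty,                       // userData
            FormsAuthentication.FormsCookiePath);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));

        // Keep the browser cookie's lifetime aligned with the ticket's.
        cookie.Expires = expires;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow the configured setting
        if (FormsAuthentication.CookieDomain != null)
            cookie.Domain = FormsAuthentication.CookieDomain;

        response.Cookies.Add(cookie);
    }
}
```

A ticket issued this way stays valid for the full 30 days wherever the cookie ends up, so it only makes sense alongside `requireSSL="true"` and a server-side way to cut off an account before the ticket expires.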
