Hi,
we have an ASP application under C# talking to MS SQL 2000, it has no
problem with windows authentication for almost 200 users who are registered
in Active Directory. Application has several different folders though.

Now we are going to use a copy wide open in the internet, for more users,
under SSL and Forms Authentication.

based on Microsoft best practice, we have users table having userId and
hashed passwords.
passwords are Hashed  using forms salt and encryption. no problem with that,
but cookies are not extended when client is sending posts. I tried to
manually extend it in Global file under:
Application_AuthenticateRequest  by using  let say myCookie.Expires =
DateTime.Now.AddMinutes(1);

but nothing!

and something else, when cookies are expired, user is sometimes sent to Log
On page, sometime not! and when not, there is a prompt for userid and PW
which doesn't help at all.

any note? or resources in the internet? (found some basic examples but
nothing more)

Thanks,

Vaf