I'm trying to get forms authentication working for an mvc site. I have a custom database with a users table, and I would like to do my own password validation.

I am logging in my user like this:

if (PasswordHasher.Hash(password) == dataUser.Password)
{
   FormsAuthentication.SetAuthCookie(email, true);
   return true;
}

The problem is, when the session expires obviously the user has to login again.

I am thinking I should be storing this Auth cookie in my users table?

Update: I'm obviously in desperate need of more education in this area. I just noticed that the user stays authenticated even after an iisreset.

I guess what I'm asking is how can I get persistent and non persistent authentication working properly. I want a user to not have to login again if they click "remember", and if they don't then their authentication should expire when the forms authentication is set to expire.