I have a site that is using Forms Auth. The client does not want the site session to expire at all for users. In the login page codebehind, the following code is used:

// user passed validation
FormsAuthentication.Initialize();

// grab the user's roles out of the database 
String strRole = AssignRoles(UserName.Text);

// creates forms auth ticket with expiration date of 100 years from now and make it persistent
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
  UserName.Text, DateTime.Now,
  DateTime.Now.AddYears(100), true, strRole,
  FormsAuthentication.FormsCookiePath);

// create a cookie and throw the ticket in there, set expiration date to 100 years from now
HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, 
  FormsAuthentication.Encrypt(fat)) { Expires = DateTime.Now.AddYears(100) };

// add the cookie to the response queue
Response.Cookies.Add(cookie);

Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false));

The web.config file auth section looks like this:

<authentication mode="Forms">
      <forms name="APLOnlineCompliance" loginUrl="~/Login.aspx" defaultUrl="~/Course/CourseViewer.aspx" />
</authentication>

When I log into the site I do see the cookie correctly being sent to the browser and passed back up:

However, when I walk away for 20 minutes or so, come back and try to do anything on the site, the login window reappears. This solution was working for a while on our servers - now it's back. The problem doesn't occur on my local dev box running Cassini in VS2008.

Any ideas on how to fix this?