Forms authentication uses a sliding expiration policy.
As long as a user lets no more than 30 minutes pass without requesting a page, the user continues to be authenticated.
However, if the user does not request a page for 30 minutes, then the user is logged out automatically.
The following web configuration file forces a user to log in again every minute.
File: Web.Config