ASP.NET 2.0 presets cookie

When I saw this expression on BLOG this morning, I might as well pay attention to it:

If you use FormsAuthentication in asp.net 2.0 and set cookie to a persistent state, the default duration is 30 minutes instead of 50 years in asp.net 1.1, because 50 years is too insecure and your computer will be sold. If you want to change it, you can change

< authentication mode="forms" >

        < form loginUrl="login.aspx" timeout="3600"/ >

< /authentication >

If you do not change the TIMEOUT property, then when you use asp.net 2.0 LOGIN control, even if the user selects REMEMBER ME, after 30 minutes, the user must still log in