We were receiving calls from a client saying that they kept being kicked out of one of our systems quite regularly usually after 20-30 mins of inactivity.
We got to work and firstly checked the usual suspects, the web.config file sessionState timeout and the forms timeout for forms authentication. Both of those were set to > 2 hours so it couldn't have been those.
I debugged on my local machine and found that everything was working fine and the session was being killed after the correct timeout stated in the web.config file. It seemed it was a server configuration issue. Now our situation is complex as we share authentication across multiple systems including legacy PHP code, So i tried all of those configs, to no avail.
At last eureka! It seems the actual application pool was being recycled after 20 mins of inactivity. This was an application pool being used by only 1 client so was not being hit as often as most. If your having similar problems check your application pool's session time out values and application recycle values.. Ours was set to 20 mins of inactivity which I believe is the default.