Using something like the following code, your cookie will persist for a week until it expires:
HttpCookie theCookie = FormsAuthentication.GetAuthCookie("theUser", false);
theCookie.Expires = DateTime.Now.AddDays(7);
Response.SetCookie(theCookie);
The only difference between a "persistent" cookie and one that is not is that the expiry is set to "Session" on the latter. The easiest way to confirm this is to test it. From my brief trial, it functions without incident.
The class you are referencing is primarily used internally by the FormsAuthentication
library, and I am of the opinion that it should not be your primary method of achieving your goals if they can be reached by a static member function on the FormsAuthentication
class, which is provided to you as a helper to accessing all of the functionality encompassed by the library. The FormsAuthenticationTicket
class is the output of FormsAuthentication.Decrypt
for instance, and would give you information about the data encrypted in the cookie value. It is not what you should be using to create an authentication cookie in code.
EDIT
Regarding what it "means" if both properties are set at the same time, it means that, given your persistent flag in the encrypted ticket data, once the ticket falls out of date it will be renewed each time the user visits. FormsAuthentication
will make a call to FormsAuthentication.RenewTicketIfOld
to persist the ticket indefinitely. The default behavior when you flag a ticket persistent using the FormsAuthentication.SetAuthCookie
or FormsAuthentication.GetAuthCookie
helper methods will initialize the ticket's encrypted data with the expiry set to the current date and time when the ticket is created. This can be confirmed by making a call to FormsAuthentication.GetAuthCookie
and calling FormsAuthentication.Decrypt
using the Value
property of the HttpCookie
you received. If you inspect the Expiration
property of the ticket, you will find it to be set to the current date and time.