You should not rely on Sessions alone. You can increase the session time out in the web.config and make it the same as the cookie time out.
But your code should never call Session[“”] unless u absolutely have to. I always go through a helper class that checks the sessions and updates it via the cookie if need be. But best is to stay away from sessions as much as possible IMHO
even if i increase the session timeout, when the user closes and reopens the browser, they have to login again because the previous session doesnt exist. (asp.net session cookies are not persistent)
Anyhow, the proper answer is to use the User Profile capabilities if you need a simple solution. Or roll your own profile provider if you need a more complex solution.