Currently, in some of my .NET applications I keep track of logon state in a Session variable. This works well, however if we update the .NET application .DLL, the session is wiped out, and users are forced to logon and start over.
What can we do to avoid users from having to logon again?
Can we somehow store logon credentials with Basic authentication to accomplish this?
I would go with the following scheme:
https://stackoverflow.com/a/244907/461810
You need to tweak a little bit - make sure your auto-login token (cookie) is updated on every request and expires in short time (sessionTimeout + 1 min) as it just need to survive session restart.