I have the following code:
public void ConfigureAuth(IAppBuilder app) { app.UseCookieAuthentication(new CookieAuthenticationOptions {
It does expire.
Make sure you do not have any background ajax activity as it extends the session (SlidingExpiration is true by default).
SlidingExpiration
Also I had to manually delete the old cookie after I changed ExpireTimeSpan from the default 14 days to a smaller value.
ExpireTimeSpan