Forms authentication uses a sliding expiration policy.
As long as a user lets no more than 30 minutes pass without requesting a page, the user continues to be authenticated.
However, if the user does not request a page for 30 minutes, then the user is logged out automatically.
The following web configuration file forces a user to log in again every minute.
File: Web.Config
<configuration>
<system.web>
<authentication mode="Forms">
<forms slidingExpiration="false" timeout="1" />
</authentication>
</system.web>
</configuration>