Why set forms authentication timeout longer than session timeout?

[Convict]

I think I understand the difference between ASP.NET's "session" and "forms authentication". Session is basically used for storing info specific to that user's session (maybe the state of a search filter), and the forms authentication is used to remember that they should have access to certain things.My question is, why is it ever desirable to have the forms authentication timeout be longer than the session timeout? In fact, by default, web.config sets forms authentication's timeout to be much longer.Here are the 2 scenarios I see:[*]Session times out before forms auth does. User loses things like search filters and although they can still see secured pages, things may look different and various things may reset. In addition, the developer has to worry about Session becoming \[code\]null\[/code\] every time they use it.[*]Forms auth times out before session does. User has to re-enter username and password, but they get back to the page they were on and with the session info intact (unless that has also timed out). Developer only has to worry about Session being \[code\]null\[/code\] in one place - on login - and can initialize it there if necessary.Why would scenario 1) ever be more desirable? Am I missing something?