Controlling a Web App's session duration

When you use the OpenId Connect (OIDC) or the WS-Federation middleware (MW) in an ASP.NET app, a successful authentication (eg, a transaction resulting in your app receiving a valid user token) results in the production of a session cookie - courtesy of the cookie middleware. As long as the session cookie sticks around and is...