For a project we're working on we've written a fairly basic custom authentication provider - the basic principal of the code is shown below. The Application_Start in Global.asax has been modified to add this provider to the authentication chain. Using this, a user can successfully log in (we're using EPiServer.Util.LoginBase.HandleFormsLogin(emailAddress, textBoxPassword.Text, false) for the log in code) and view protected content in the site. When logged in the UnifiedPrincipal.Current.Identity.Name value is as you'd expect. However, after approximately 1 to 2 minutes the UnifiedPrincipal object reverts back to the anonymous user and the user is required to log in again. I can't work out if I've missed something simple or if there's an EPiServer problem. It's almost as if the log in times out after a short period of time. I've checked the standard Session object and this is still valid even after the UnifiedPrincipal object has reverted back to the anonymous user. Has anyone come across this before or can anyone shed any light on this - I'm at a loss to explain the behaviour. Thanks in advance. Justin public static void CustomAuthenticate(object sender, AuthenticationEventArgs e) { string connectionString = ...................; if (e.IsHandled) { return; } if (LoginStatus.Success == XXXXXX.ValidateLogin(connectionString, e.Username, e.Password)) { ........ UnifiedPrincipal up = new UnifiedPrincipal( new GenericPrincipal( new GenericIdentity(e.Username, "CustomType"), new string[] { "GroupName....." } ) ); up.Password = e.Password; up.UserData.Email = e.Username; up.AddToCache(); e.Principal = up; } else { e.IsDenied = true; return; } }