Adding a machineKey fixes the problem of being logged out every 30 seconds or so. This is because the machineKey is required for forms authentication. I'm running nopCommerce 2.65.
First, you need to generate a machineKey. Got to http://aspnetresources.com/tools/machineKey
and generate the machineKey online. The generator will give you the code that you need to insert into web.config in your Nop.Web app.
The generated code will look something like this (by the way, don't copy and paste from here, generate your own code!):
<machineKey validationKey="D9A123CFA99A739E6397B6F15602C5C3BA32B7B30CCF259908CA8BCD955820F80B40920A217883994C62F687ACDC1668D23D47F2361BACF07A33EAD5C23B9257" decryptionKey="D788111905A577E2D8B1BB79E0BB969F3FD74AA025447949FDC95FF153712504" validation="SHA1" decryption="AES" />
Once you have the code like above, insert it inside your <system.web></system.web> tags in web.config. I put it right after the </authentication> tag like so:
<authentication mode="Forms">
<forms name="NOPCOMMERCE.AUTH" loginUrl="~/login" protection="All" timeout="43200" path="/" requireSSL="false" slidingExpiration="true" />
</authentication>
<machineKey validationKey="D9A123CFA99A739E6397B6F15602C5C3BA32B7B30CCF259908CA8BCD955820F80B40920A217883994C62F687ACDC1668D23D47F2361BACF07A33EAD5C23B9257" decryptionKey="D788111905A577E2D8B1BB79E0BB969F3FD74AA025447949FDC95FF153712504" validation="SHA1" decryption="AES" />
That's all there is to it. No more being logged out, well, until the timeout in <authentication> occurs.