If you change most anything in the app's code (including the config) then it'll reset the app which "kicks everyone out". But that isn't quite how session works. If you're using forms auth then most likely you are using cookie authentication. When the user logs in then they get a session created for them in memory (in most cases). What you store there is up to you. You should really only be storing data that is specific to that user.
The user's authentication information gets sent back to the browser as a cookie. Subsequent calls to the server generally pass the session ID back which the server then uses to find session, if any. If the session has expired or isn't available then a new one will be created. Any data in the old session is gone but normally you only use session for cached data anyway so it is no big deal.
The user's authentication should still be valid as they still have their cookie. Hence they may lose their cached data but they shouldn't be kicked out of the system as they still have a valid cookie that the server will use. Hence you can normally bounce an app while users are logged in and they won't really notice. In fact most apps idle out so this probably happens more than you think.
So I would say that if your users are being forced to log back into your system then your app isn't managing the authentication cookie properly. This isn't anything to do with session. You should resolve that issue.
As for updating an app while users are actively using it I would generally recommend against that anyway. When you deploy the app it'll go down for a second which means users may catch the downtime. Things could also go wrong or take longer to start up so bringing a business app down during business hours isn't something you should probably be doing even if you didn't have an authentication issue. Business apps should probably be updated after hours. If you have a build server or equivalent then schedule nightly releases or something while everyone is out of office.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 28.999999999999996%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDH%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 87%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJZ%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 46%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)