Ok I’m rather confused, does FormsAuthentication.SetAuthCookie() in asp.net create a session based cookie or not? From what I gather to put something in a session you would do something like this in the code behind:
Session["userAge"] = 25;
Now regardless of whether a cookie is created this will work as its server side, so I’m confused as to when I read you can have session and sessionless cookies, if so how do you create each one and how would you access esssion variables in the cookie in .net?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
This is a common confusion. Session and FormsAuthentication are two separate concepts – they have independent timeouts and independent cookies (or no cookies if you’re using Cookieless sessions.)
Session on the server is identified by a unique cookie that is created even for anonymous users. This cookie holds a SessionID that has nothing to do with FormsAuthentication.
The FormsAuthentication cookie contains a number of things, the most important of which is the authentication ticket. This ticket is an encrypted bit of info that identifies the user against the login credentials supplied. There is a great step-by-step flowchart and explanation of what’s in a ticket in this MSDN article.
Method 2
I’m not sure exactly what you’re asking, but if your question is how can you access Session["userAge"] without an auth cookie, the answer is because it’s a separate entity from the session.
The auth cookie (default name .ASPXAUTH) is created before the session is even started so it can’t be based on the session.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0