
What is the ASPXAUTH cookie?

While working with ASP.Net Forms Authentication I came across the .ASPXAUTH cookie. I have a couple questions:

  • What is the purpose of this cookie?
  • What is the location of this cookie?
balaweblog asked Jan 08 '09 06:01


People also ask

What does the ASP.NET_SessionId cookie do?

ASP.NET_SessionId is a cookie used to identify the user's session on the server. The session is an area on the server that can be used to store data between HTTP requests.

How does FormsAuthentication SetAuthCookie work?

The SetAuthCookie method adds a forms-authentication ticket to either the cookies collection or the URL if CookiesSupported is false. The forms-authentication ticket supplies forms-authentication information to the next request made by the browser.

What is FormsAuthenticationTicket?

FormsAuthenticationTicket(Int32, String, DateTime, DateTime, Boolean, String, String) Initializes a new instance of the FormsAuthenticationTicket class with cookie name, version, directory path, issue date, expiration date, persistence, and user-defined data.

What is FormsAuthentication FormsCookieName?

Remarks. The FormsCookieName property value is set in the configuration file for an ASP.NET application by using the name attribute of the forms configuration element. The FormsCookieName is used to reference the cookie that stores the FormsAuthenticationTicket information.


1 Answer

The ASPXAUTH cookie is used to determine if a user is authenticated.

As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy. Then scroll down to the domain and expand it to see the cookie and its value. The value is encrypted using the machine key (located in the server's machine.config or web.config file) so looking at the cookie on the client won't really provide you any information. You can decrypt/view the value on the server side using:

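    HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; // .ASPXAUTH by default
    // Request.Cookies returns null when the cookie is absent, so guard before decrypting
    FormsAuthenticationTicket authTicket = authCookie == null ? null : FormsAuthentication.Decrypt(authCookie.Value);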

where authTicket has these fields:

[Image: the authTicket fields]

The statement "ASPXAUTH is basically used to maintain ASP.NET Session State" is incorrect. ASP.NET issues an entirely different cookie, named ASP.NET_SessionId, to track session state.

Todd answered Sep 28 '22 03:09
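Added example, not part of the answer above: a server-side helper that reads the forms-authentication cookie, treats a missing, undecryptable or expired ticket as "not authenticated", and lists the public properties of FormsAuthenticationTicket. The class name AuthTicketInspector and its method names are hypothetical; the code assumes it runs inside an ASP.NET (System.Web) application so the machine key is available.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;
using System.Web.Security;

// Hypothetical helper; the class and method names are assumptions, not from the answer.
public static class AuthTicketInspector
{
    // Returns the decrypted ticket, or null when the cookie is absent, cannot be
    // decrypted and validated with this server's machine key, or has expired.
    public static FormsAuthenticationTicket ReadTicket(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return null; // no forms-authentication cookie was sent

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (ArgumentException) { return null; }      // value is malformed or fails validation
        catch (CryptographicException) { return null; } // value could not be decrypted with this key

        // A ticket past its Expiration must not be trusted even if it decrypts cleanly.
        return (ticket == null || ticket.Expired) ? null : ticket;
    }

    // One line per public property of the ticket, for logging or debugging on the server.
    public static string Describe(FormsAuthenticationTicket t)
    {
        return string.Join(Environment.NewLine, new[]
        {
            "Version:      " + t.Version,
            "Name:         " + t.Name,
            "IssueDate:    " + t.IssueDate.ToString("o"),
            "Expiration:   " + t.Expiration.ToString("o"),
            "Expired:      " + t.Expired,
            "IsPersistent: " + t.IsPersistent,
            "UserData:     " + t.UserData,
            "CookiePath:   " + t.CookiePath
        });
    }
}
```

Call `AuthTicketInspector.ReadTicket(Request)` from a page or handler and pass a non-null result to `Describe`; UserData can hold application-defined values, so keep the output in server-side logs only.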