Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
May 24, 2012 12:22 AM|LINK
Forms auth is a well established secure mechanism for authenticating users. Also, it's using the standard authentication APIs in ASP.NET and in .NET so that other parts of the framework can also participate in security (typically around authorization) in
a standard way without knowing baout your custom flag in session. Don't build your own security as this typically means your app is not as secure as it could be.
session state is just bad in general.