This is why you'll generally want to use the built-in Forms Authentication one as it is going to handle associating your specific user Session within the application to a cookie behind the scenes. Forms Authentication has a built-in encryption scheme that
is also used, so it wouldn't necessarily be as easy as just adding a cookie to the request. You can
read a bit more about Forms Authentication security in this related discussion.
Additionally, if you are building your own cookies, you can set the Secure property of them to True as well to ensure that only cookies served over HTTPS are acknowledged or handle it within the web.config for your application :
All-Star
114593 Points
18503 Posts
MVP
Re: Session variables sometimes disappearing
Apr 02, 2015 10:40 AM|Rion Williams|LINK
This is why you'll generally want to use the built-in Forms Authentication one as it is going to handle associating your specific user Session within the application to a cookie behind the scenes. Forms Authentication has a built-in encryption scheme that is also used, so it wouldn't necessarily be as easy as just adding a cookie to the request. You can read a bit more about Forms Authentication security in this related discussion.
Additionally, if you are building your own cookies, you can set the Secure property of them to True as well to ensure that only cookies served over HTTPS are acknowledged or handle it within the web.config for your application :
<system.web> <httpCookies httpOnlyCookies="true" requireSSL="true" lockItem="true" /> </system.web>