what is ASPXAUTH cookie?

balaweblog picture balaweblog · Jan 8, 2009 · Viewed 63.8k times · Source

While working with ASP.Net Forms Authentication I came across the .ASPXAUTH cookie. I have a couple questions:

  • What is the purpose of this cookie?
  • What is the location of this cookie?

Answer

Todd picture Todd · Jan 8, 2009

The ASPXAUTH cookie is used to determine if a user is authenticated.

As far as the location of the cookie, that depends on your browser. If you are using Firefox you can view the cookie by clicking on Tools -> Options -> Privacy. Then scroll down to the domain and expand it to see the cookie and its value. The value is encrypted using the machine key (located in the server's machine.config or web.config file) so looking at the cookie on the client won't really provide you any information. You can decrypt/view the value on the server side using:

HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];//.ASPXAUTH
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);

where authTicket has these fields:

enter image description here

The statement "ASPXAUTH is basically used to maintain ASP.NET Session State" is incorrect. ASP.NET issues an entirely different cookie, named ASP.NET_SessionId, to track session state.