Reputation: 3051
Is there server side session state associated with ASP.NET Identity cookies?
When using the ASP.NET Identity ApplicationCookie authentication strategy two cookies are created when the user logs in: _RequestVerificationToken and .AspNet.ApplicationCookie.
Is there any server side session state associated with these cookies?
If so is it possible to configure this identity session state's its location (InProc, custom provider)?
Upvotes: 0
Views: 609
Answers (1)
Reputation: 52280
_RequestVerificationToken is a CSRF token. It contains a value that must match one of the hidden fields in the page. There is no server side session state associated with this cookie. More info.
.AspNet.ApplicationCookie is a persistent cookie that contains the user's identiy and claims in an encrypted and signed format. The data is stored in the cookie itself, not on the server. More info
Upvotes: 1
Related Questions
- ASP.NET Core Identity & Cookies
- ASP.NET Identity, persistent cookie - is something like this build in?
- Asp.net Identity How Authentication Cookie getting validated?
- ASP.NET_SessionId cookie behavior explanation
- Identity Session Start
- Does ASP.NET Session state work without cookies?
- Session cookie persitance in ASP.NET MVC
- ASP.NET MVC3 Authentication & sessions
- User authentication without Session state in ASP.NET
- Is asp.net session information stored in a cookie?