On choosing ASPX authentication cookie name

Randall Parker · Dec 4, 2005

Looking at the fields for configuring a web site's security and I'm using Forms
authentication. Saw the part about assigning a cookie name. I assume this is the
cookie that gets set when a person logs in.

http://msdn.microsoft.com/library/d...n-us/cpguide/html/cpconaspnetarchitecture.asp

ASPXAUTH

<forms name=".ASPXAUTH">

Can one use a different cookie name? Does ASP.Net anywhere expect that name? Or is it
totally overrideable?

If one uses a different cookie name does that make the work of malicious hackers any
harder?

Ken Cox - Microsoft MVP · Dec 4, 2005

Hi Randall,

Yes, you can override the cookie name in the web.config file as shown here:

http://msdn2.microsoft.com/en-us/library/532aee0e.aspx

In most cases, ASP.NET issues the cookie as an "in-memory" cookie which
means it doesn't show up as a file.

Ken

Authentication Cookie not in Request.Cookies	1	Nov 14, 2006
Forms Authentication Cookie from two applications	1	Sep 30, 2005
Lost Cookie during Authentication	5	Sep 7, 2005
piggy-back on Forms Authentication cookie?	3	Feb 28, 2005
Trying to figure out forms authentication	2	Dec 5, 2005
ASP.NET 1.1 Forms Authentication	0	Dec 1, 2006
Framework 1.1 and Forms Authentication	2	Jun 10, 2004
How to get log-in name from cookie in case of Forms authentication?	0	Jan 18, 2008

On choosing ASPX authentication cookie name

Randall Parker

Ken Cox - Microsoft MVP

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads