ASP.NET 2.0 and ASP.NET 3.5 automatically support issuing and managing forms authentication tickets in a cookieless manner. The process starts by ASP.NET inspecting the request URL, looking for any cookieless tickets. In ASP.NET 2.0 and 3.5, cookieless tickets are supported for session state (this was also available in 1.1), forms authentication (previously available as part of the mobile support in ASP.NET), and anonymous identification (introduced since ASP.NET 2.0). A sample URL with a cookieless session state ticket is shown here:
ASP.NET reserves the path segment immediately after the application's virtual root as the location on the URL where cookieless tickets are stored. In this example, the application was called inproc, so the next path segment is where ASP.NET stored the cookieless tickets. All cookieless tickets are stored within an outer pair of parentheses. Within these, there can be a number of cookieless tickets, each starting with a single letter indicating the feature that consumes the ticket, followed by a pair of parentheses that contain the cookieless ticket. Currently, the following three identifiers are used:
S: Cookieless ticket for session state
A: Cookieless ticket for anonymous identification
F: Cookieless ticket for forms authentication
At some stage during the request life cycle, ASP.NET removes the cookieless tickets from the URL and inserts ...
With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, interactive tutorials, and more.