Can somebody explain what ASPXAuth cookie does?
My website uses forms auth and I am trying to create a load balancer (hardware) rule which will keep track of sessions based on the aspxauth cookie. Is it safe assume that the value of the cookie is unique?
The easiest way to get authentication working in a load balanced environment is to enable sticky sessions. This places an extra cookie to all outgoing responses, such that subsequent requests will contain that cookie and the F5 will recognize the user session between page views and ensure they are routed to the same web server. The web server will not know any different.
The value of this cookie represents the encrypted username of the currently authenticated user. More about Forms Authentication in this article on MSDN.