.ASPXAuth Cookie changes during session
https://stackoverflow.com/questions/12973277
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
Is there any reason why, in the middle of an authenticated session, the .ASPXAUTH cookie would change its value?
It doesn't seem that ASP.Net_SessionId has changed its value at the same point (and the session hasn't expired).
Are there some rules that dictate that the .ASPXAUTH cookie value is updated periodically or for any other reason?
Issue is that we're cross checking the values of these cookies that they don't change during a session as a protection against xss or session hijacking.
Solución
The cookie is automatically reissued due to so called "sliding expiration". If your cookie is issued at time T and the cookie timeout is set to X minutes, then the first request made to the server at T + (X/2) causes the cookie to be reissued.
