hi,

why does the framework use cookies for saving and retrieving the authentication ticket, and doesnt just put the authentication ticket and all other stuff as an object in the users session?! whats the cons and pros of using cookies or the session in this case?!


asking because i have to program a custom authentication, i was wondering should i follow .net steps and use a cookie,or keep the authentication info in the session which to me sounds more useful and easier to implement since we dont have to care anymore about the settings of the user, and we can use a single authentication for multiple pages and domains


thanks...