Configure Authentication Cookie Settings for Forms Authentication (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Authentication cookies are used as a token to verify that a client has access to some or all pages of an application. By contrast, personalization cookies contain user-specific settings that determine a user's experience on a specific site or application.

Because authentication cookies are passed between client and server together with every request, they should be always secured using Secure Sockets Layer (SSL).

Cookies are a more efficient way to track visitors to a site than query strings, because they do not require redirection. However, they are browser-dependent, and some browsers do not support their use. In addition, the use of cookie-based authentication is not always effective because some users disable cookie support in their browsers.

For information about the levels at which you can perform these procedures, and the modules, handlers, and permissions that are required to perform these procedures, see Authentication Feature Requirements (IIS 7).


This task includes the following procedures:

Configure the Cookie Name for Forms Authentication (IIS 7)

Configure the Cookie Mode for Forms Authentication (IIS 7)

Configure the Cookie Protection Mode for Forms Authentication (IIS 7)

Require SSL for an Authentication Cookie (IIS 7)

Cache Frequently Requested Content (IIS 7)