i like to know what kind of data is stored in auth cookie as encrypted data in client pc?
user and password both stored in auth cookie or only user name ?
in case of cookie less form authentication how everything works ?
please read this url write up for CSRF attack and form authentication http://www.asp.net/signalr/overview/security/introduction-to-security#csrf
what would be best approach to protect CSRF attack when using form auth persistent cookie?
looking for good insight. thanks
