A 'cookie' is a small piece of data sent from a website and stored on your computer by your web browser. Cookies are designed to help websites remember useful information, such as previously entered form data or your preferences, or to record your browsing activity on that site, such as clicking particular buttons, logging in, or recording page visits.
This page explains several types of cookies that are on this site, as well as how to turn them on or off:
You can revoke your cookie consent for this website only at any time using this button.
Prevents Cross-Site Request Forgery (XSRF/CSRF) attacks in ASP.NET Core
When a user authenticates using their username and password (and 2FA), they're issued a token, containing an authentication ticket that can be used for authentication and authorization. The token is stored as a cookie that accompanies every request the client makes. Generating and validating this cookie is performed by the ASP.NET Core Cookie Authentication Middleware.
ASP.NET Core maintains session state by giving the client a cookie that contains the session ID, which is sent to the server with each request. The server uses the session ID to fetch the session data. Because the session cookie is specific to the browser, you cannot share sessions across browsers. Session cookies are deleted only when the browser session ends. If a cookie is received for an expired session, a new session that uses the same session cookie is created.