Posted on 2007-08-06
I have read this on msdn
"If anonymous identification is enabled, ASP.NET creates a unique identification for users the first time they visit your site. The unique user identification is stored in a cookie on the user's computer so that the user can be identified with each page request. The cookie's default expiration is set to approximately 70 days and is periodically renewed when a user visits the site. If the user's computer does not accept cookies, the user's identification can be maintained as part of the URL of the page request, although the identification will be lost when the user shuts down the browser."
I am trying to understand how this works. My best bet is that everytime a wepage is requested the webpage looks to see if the user is allowed to see the page. Providing the page has anonymous access, asp.net will look for an identification cookie for the user. If there is one, the sliding expiration value is changed. If there isn't, a new one is created.
My key point is that asp.net looks for this unique ID cookie on every page request. Is this correct?