Where does ASP.Net Core `cookies authentication` store a reference to that cookie?

Sometimes I used to see PHP developers passing an Id in their cookies and saving a reference to that cookie in the database (so they can authenticate the users by cookies). But in ASP.Net Core, I have never seen that.

How and where does ASP.Net Core know that this cookie is owned by this user? Is everything stored in memory (in some kind of objects)?

If yes, does that mean that the users have to log in again if I restart my application? Or is there any method that ASP.Net Core provides to persist the references to cookies even after restarting the application?

1 answer

  • answered 2017-11-13 03:18 djones

    The ClaimsPrincipal is serialized, encrypted and sent to the client as a cookie. Once a cookie is created, it becomes the single source of identity. When the client makes a request it sends the cookie, which the server decrypts (which serves as validation) and deserializes into the HttpContext.
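
The round trip described in the answer, as an added example that is not part of the original post or of ASP.NET Core's own code: it protects a ticket with `TicketDataFormat` (the serializer the cookie handler uses by default) and shows that the value is accepted only when it is unmodified and the same Data Protection keys are available. The purpose string, the sample claims and the use of `EphemeralDataProtectionProvider` as a stand-in for a key ring that does not survive a restart are assumptions made for the demo.

```csharp
// Added example; needs the Microsoft.AspNetCore.App shared framework.
using System;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.DataProtection;

public static class CookieTicketDemo
{
    // Hypothetical purpose string for this demo; the cookie handler derives its own.
    const string Purpose = "CookieTicketDemo.v1";

    static TicketDataFormat FormatFor(IDataProtectionProvider keys) =>
        new TicketDataFormat(keys.CreateProtector(Purpose));

    static string Describe(AuthenticationTicket ticket) =>
        ticket == null ? "rejected (no identity)" : "accepted as " + ticket.Principal.Identity.Name;

    public static void Main()
    {
        // Constructed sample identity: everything the server knows about the
        // user travels inside the ticket, so no per-cookie row is stored server-side.
        var identity = new ClaimsIdentity(
            new[] { new Claim(ClaimTypes.NameIdentifier, "42"), new Claim(ClaimTypes.Name, "alice") },
            CookieAuthenticationDefaults.AuthenticationScheme);
        var ticket = new AuthenticationTicket(
            new ClaimsPrincipal(identity), CookieAuthenticationDefaults.AuthenticationScheme);

        // Key ring A: serialize + encrypt + authenticate -> the string placed in the cookie.
        var keysA = new EphemeralDataProtectionProvider();
        string cookieValue = FormatFor(keysA).Protect(ticket);
        Console.WriteLine("cookie value length: " + cookieValue.Length);

        // Same keys: decryption succeeds and the principal is rebuilt from the cookie alone.
        Console.WriteLine("same keys:      " + Describe(FormatFor(keysA).Unprotect(cookieValue)));

        // One character changed: the integrity check fails and Unprotect returns null.
        char[] tampered = cookieValue.ToCharArray();
        int mid = tampered.Length / 2;
        tampered[mid] = tampered[mid] == 'A' ? 'B' : 'A';
        Console.WriteLine("tampered value: " + Describe(FormatFor(keysA).Unprotect(new string(tampered))));

        // Key ring B: a different key set cannot decrypt cookies issued under key ring A.
        var keysB = new EphemeralDataProtectionProvider();
        Console.WriteLine("different keys: " + Describe(FormatFor(keysB).Unprotect(cookieValue)));
    }
}
```

Whether existing cookies are still accepted after a restart therefore depends on the Data Protection key ring being persisted, not on any stored reference to the cookie.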