Can someone clarify when to use .SetAuthCookie and when to manually create a ticket and cookie in code. And then why would you need to have additional web config settings?
+1
A:
SetAuthCookie and RedirectFromLoginPage are convenient shortcuts but if you want to e.g. add custom data to the ticket then you will need to create the cookie manually. I have often found that you need to keep track of an integer user id in addition to the login name and the UserData of the FormsAuthenticationTicket is a good place to put that.
If you still want to make use of the settings from web.config as defaults then it is a good idea to create a cookie with GetAuthCookie and decrypt it to get the default settings from that cookie before you create your new custom cookie, encrypt it and send it back with the http response.
If you create your own FormsAuthenticationTicket, encrypt it and send it back as a cookie then you bypass many of the settings from web.config such as the timeout and whether to run cookieless or not.
Johan Levin
2009-09-13 11:05:35