When the CacheRolesInCookie property is set to true in the Web.config file, role information for each user is stored in a cookie. When role management checks to see whether a user is in a particular role, the roles cookie is checked before the role provider is called to check the list of roles at the data source. The cookie is dynamically updated to cache the most recently validated role names.
a) As far as I understand the above text, even though role management checks the roles cookie, role provider still checks the list of roles at the data source?
b) Above text talks about role management, which is invoked before role provider is called. What class acts as a role management?
thanx
EDIT:
As far as I understand it, the information cached within the cookie includes all available roles, not just the ones your user is a member of. So I do not believe that the database would be hit each and every time.
From same site as the quote from my previous post:
Roles.CacheRolesInCookie Property Value
true if the current user's roles are cached in a cookie; otherwise, false. The default is true.
This suggests that only roles for current user are stored in a cookie. Besides, if all roles where stored in a cookie, then role manager would still have to check the DB to see which of the roles current user is member of?!
Role management is handled by the System.Web.Security.Roles class.
I thought the text used the term role management to refer to class/module that calls the methods of System.Web.Security.Roles, which in turn check whether user is a member of particular role?