Is there a cookie automatically placed on the user machine? Or is this somehow related to the requester’s IP address? Or maybe in ViewState? An elementary question, I know, but it was difficult for me to find the answer.
In IIS, in the ASP.NET configuration there is a state management tab that has a setting called "Cookieless mode" that has the following options:
UseUri
Usecookies
AutoDetect
UseDeviceProfile
Usually, select "Use cookies" is selected and thus a cookie is used.
He is called ASP.NET_SessionId.
ASP.NET_SessionId
For a local application, my current
ASP.NET_SessionId=kxt1dee1laeuq445pyzjvv55; path=/; domain=localhost; HttpOnly
URL-, .
MSDN, , :
ASP.NET Session Status Overview
In particular, note that if your user authenticates to access your site, you must perform a session ban on logging out so as not to save session state.