ASP.Net FormsAuthentication Redirect Loses the cookie between Redirect and Application_AuthenticateRequest

Question

I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the u

Answer 1

It turns out that the cookie data being dumped into the cookie for this particular user happened to exceed the maximum allowed size in its encrypted format. Unencrypted, the data fit, but once the encryption was run on it the size grew too large to handle. This caused the cookie and any cookies added after it to be dropped from the response header.

Chopping the amount of data injected into the cookie solved the issue.

Answer 2

A potential issue is the way you redirect; by setting the boolean value to true you send a ThreadAbortException and you may lose the session token. Either set the boolean value to false or use FormsAuthentication.RedirectFromLoginPage