How AuthFilter Verifies Cookies

  • Article

AuthFilter performs the following steps to check whether the client browser supports cookies:

  1. It sends a redirect to the browser while setting a cookie and setting a querystring flag. If the cookie comes back with the redirected query and querystring flag, then AuthFilter knows the browser supports cookies.
  2. If the browser does not support cookies, the redirected query returns without the cookie. AuthFilter detects the querystring flag (which is always returned) and redirects the browser to the Nocookie.asp page.
  3. This check only occurs at the beginning of a session when no cookie has been set and the user has not logged in.

Copyright © 2005 Microsoft Corporation.
All rights reserved.