HttpSecureCookie, A Way to Encrypt Cookies with ASP.NET 2.0

"I really have some good laughs when I tamper with cookies on my
machine and watch the results when it is submitted back to the site. On
the other hand, I don’t want anyone to do the same to the cookies that
I make!

Cookies, most of the time, shouldn’t be in plain text, at
least, they should be tamper-proof! Revealing the content of your
cookies might give curious and malicious people an idea about your
application’s architecture, and that might help hacking it.

ASP.NET encodes and hashes its authorization ticket, making it
secure and tamper-proof. However, the methods used to secure
authorization cookies are inaccessible from outside the .NET framework
libraries, so you can’t protect your own cookie using these methods;
you need to protect it yourself using your own encryption key, encoding
and hashing algorithms. HttpSecureCookie works around this by accessing
the same methods ASP.NET uses for cookie authorization." – Adam Tibi

Article Link: http://www.codeproject.com/aspnet/HttpSecureCookie.asp
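
The quoted passage notes that a cookie you issue yourself has to be protected with your own key, encoding and hashing. As an added example (not code from the linked article and not HttpSecureCookie's API), the C# class below makes a cookie value tamper-evident with HMAC-SHA256; it covers integrity only, not encryption, and the names `SignedCookie`, `Protect` and `TryUnprotect`, the demo key and the sample values are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration; SignedCookie, Protect and TryUnprotect are hypothetical names.
public static class SignedCookie
{
    // Returns "<base64(value)>.<base64(HMAC-SHA256)>" for use as the cookie value.
    public static string Protect(string value, byte[] key)
    {
        byte[] data = Encoding.UTF8.GetBytes(value);
        using (HMACSHA256 hmac = new HMACSHA256(key))
            return Convert.ToBase64String(data) + "." + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    // Recomputes the MAC over the received payload; returns false on any mismatch.
    public static bool TryUnprotect(string cookie, byte[] key, out string value)
    {
        value = null;
        string[] parts = (cookie ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] data, mac;
        try { data = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        using (HMACSHA256 hmac = new HMACSHA256(key))
            if (!FixedTimeEquals(hmac.ComputeHash(data), mac)) return false;
        value = Encoding.UTF8.GetString(data);
        return true;
    }

    // Compares without exiting early, so timing does not reveal the first differing byte.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] key = new byte[32];                    // constructed demo key; keep a real key in protected configuration
        new RNGCryptoServiceProvider().GetBytes(key);
        string cookie = Protect("role=user", key);    // constructed sample value
        // Constructed tampered cookie: payload replaced, original MAC kept.
        string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("role=admin")) + cookie.Substring(cookie.IndexOf('.'));
        string v;
        Console.WriteLine(TryUnprotect(cookie, key, out v));   // checks the unmodified cookie
        Console.WriteLine(TryUnprotect(forged, key, out v));   // checks the modified cookie
    }
}
```

The payload stays readable to anyone who Base64-decodes it, so a cookie whose contents must stay hidden also needs encryption, with the MAC computed over the ciphertext.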