This documentation is archived and is not being maintained.

FormsAuthentication::CookieMode Property

Gets a value that indicates whether the application is configured for cookieless forms authentication.

Namespace:  System.Web.Security
Assembly:  System.Web (in System.Web.dll)

static property HttpCookieMode CookieMode {
	HttpCookieMode get ();

Property Value

Type: System.Web::HttpCookieMode
One of the HttpCookieMode values that indicates whether the application is configured for cookieless forms authentication. The default is UseDeviceProfile.

The CookieMode property reflects the value for the cookieless attribute of the forms configuration element. The CookieMode property determines whether the FormsAuthenticationTicket value will be stored in a session cookie in the browser or stored in the QueryString property.


When the FormsAuthenticationTicket value is stored in the URI, the length of the generated URI may be longer than the maximum length allowed. This is most likely to occur when the FormsCookiePath property is set to the application name and the application name is long (40 or more characters), when user names in the application are long, or when long UserData strings are stored in the FormsAuthenticationTicket value. If the generated URI is too long, the Web server will return a 400 - Bad Request error.

The following code example sets the cookieless attribute to AutoDetect in the Web.config file.

<authentication mode="Forms">
  <forms loginUrl="member_login.aspx"
    cookieless="AutoDetect" />

.NET Framework

Supported in: 4, 3.5, 3.0, 2.0

Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.