What are the purposes of the different cookies created by IdentityServer?

Question

I have spent the last week implementing the Duende Software IdentityServer 7 BFF framework integrated with the ASP.NET Core Identity v8 for user persistence and management.

Now this is all up and running I notice that after a successful login I end up with 3 cookies namely .AspNetCore.Cookies, .AspNetCore.Identity.Application and idsrv.session.

Can anybody tell me what the purpose of these 3 cookies is and what creates them?

Answer 1

The three cookies you are referring to are:

1. AspNetCore.Cookies: This cookie is created by the ASP.NET Core Identity framework and is used to store authentication-related data such as the authentication ticket and the authentication scheme.
2. AspNetCore.Identity.Application: This cookie is also created by the ASP.NET Core Identity framework and is used to store information about the currently authenticated user. This includes the user's identity, authentication tokens, and other user-specific data.
3. idsrv.session: This cookie is created by IdentityServer and is used to store information about the user's authentication session. This includes the user's session ID, authentication timestamps, and other session-specific data.

These cookies are essential for maintaining the user's authentication state and ensuring that they can access protected resources on the website.