>In my web.config I have the following:
>
> <authentication mode="Forms">
> <forms name="MyAppName" path="/" loginUrl="MyAppLogon.aspx"/>
> </authentication>
>
>
>Therefore, user has to enter his/her ID and password which are validates in the MyAppLogon form.
Ah ok, this is ASP.NET related and not IIS.
>I have not had problems with browser blocking cookies because the app is installed on intranet and the users know that they have to allow cookies. But what I should have said, correcting myself, is when the application is using Form Authentication the cookie is not used. But when the application runs without form authentication (anonymously), the cookie is used to get the user name/email/etc. from the database.
If the cookie is not used on Form Authentication, what is the persisent method being used? ...HTTP header?