As far as I know the code in global.asax under Application_AuthenticateRequest is fired every single time a page is requested in your application. And I don't believe it is fired when you call SetAuthCookie, although you could test this out by putting a breakpoint in the event code.

And just to make sure, I assume you are talking about this code by the way:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{

}