When use Cookie authentication schema in ASP.NET core applications, session data by default is saved in client as Cookies. If the session data (incl. user claims) are big (more than 4090 characters), it can be split into multiple chunks. You can notice that via application identifier cookie:
- .AspNetCore.Cookies: chunks-2
- .AspNetCore.CookiesC1: XXX
- .AspNetCore.CookiesC2: XXX
Instead of storing session data in client cookies, we can also store the session data in any store that implements
ITicketStore. It can be databases, memory cache or distributed memory cache like Redis.
This diagram shows a simple solution of using Azure Cache Redis as session store. The following links can be referenced to implement a solution like this.