When use Cookie authentication schema in ASP.NET core applications, session data by default is saved in client as Cookies. If the session data (incl. user claims) are big (more than 4090 characters), it can be split into multiple chunks. You can notice that via application identifier cookie:
- .AspNetCore.Cookies: chunks-2
- .AspNetCore.CookiesC1: XXX
- .AspNetCore.CookiesC2: XXX
Instead of storing session data in client cookies, we can also store the session data in any store that implements ITicketStore
. It can be databases, memory cache or distributed memory cache like Redis.
This diagram shows a simple solution of using Azure Cache Redis as session store. The following links can be referenced to implement a solution like this.
References
Cookie size and cookie authentication in ASP.NET Core - Honza’s Blarg (hajekj.net)
ChunkingCookieManager Class (Microsoft.AspNetCore.Authentication.Cookies) | Microsoft Docs
Session in ASP.NET Core | Microsoft Docs
Matteo's Blog - Implementing a custom ITicketStore for ASP.NET Core Identity (ml-software.ch)
Using Redis Cache for session data storage in ASP.NET Core - Joonas W's blog