I thought .ASPXAUTH for user authentication? Can someone confirm if this cookie is really a security risk and / or contains session information? Is it supposed to be used or is it some kind of debugging thing?
I think you came across some comments related to forms authentication security. You can find more information here: h ttp: //visualstudiomagazine.com/articles/2010/09/14/aspnet-security-hack.aspx
Which boils down to the fact that a smart hacker can detect the machine key used to encrypt cookeis and create their own fake cookies.