I need to detect if a request cookie - value is different from a response cookie - value.
Its not as easy as:
if(cookiesArePresent)
{
bool isDifferent = HttpContext.Current.Response.Cookies[".ASPXANONYMOUS"].value == HttpContext.Current.Response.Cookies[".ASPXANONYMOUS"].value;
}
But I read that changing the Response.Cookies changes the Request.Cookies. That would mean they are always the same if HttpContext.Current.Response.Cookies[".ASPXANONYMOUS"] was changed. Is there an easy way around this?
http://chance.lindseydev.com/2009/04/aspnet-httprequestcookies-and.html
If you use Reflector to examing System.Web.Security.AnonymousIdentificationModule, you can see that the anonymous cookie is only read/written in PostAuthenticateRequest.
So, if you suspect something is wonky, write a simple HttpModule that reads the cookie during AuthenticateRequest and compare it to the value you get in AuthorizeRequest.
For more information about the request lifecycle see Exploring Web.config - system.web/httpModules by yours truly.