Does ASP.NET Core 3.1/5 Identity uses Sessions for authentication? I know it uses cookie to store user information on the client machine for next requests, but thing which i don't understand is that, is only cookie enough or does it also created any session for this authentication cookie on the server?
By default, Asp.net core Identity is cookie based, the user's identity stored in a cookie. You could check the following links to configure ASP.NET Core Identity.
Configure ASP.NET Core Identity
Generally, using cookie is enough, after the browser session closed (close the browser), it will clear the cookie, and if reopen the website, we have to login again.
If you want to use session to store the user identity, you could set the CookieAuthenticationOptions.SessionStore property to configure the authentication provider options.
The SessionStore property is an optional container in which to store the identity across requests. When used, only a session identifier is sent to the client. This can be used to mitigate potential problems with very large identities.
More detail information about using SessionStore, you can refer the following articles: