Information
By encrypting and validating the cookie, the confidentiality and integrity of the data within the cookie are assured. This helps mitigate the risk of attacks such as session hijacking and impersonation.
Solution
Cookie protection mode can be configured by using the user interface (UI), by running Appcmd.exe commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.

Using IIS Manager:
1. Open IIS Manager and navigate to the level where Forms Authentication is enabled.
2. In Features View, double-click Authentication.
3. On the Authentication page, select Forms Authentication.
4. In the Actions pane, click Edit.
5. In the Cookie settings section, verify that the drop-down for Protection mode is set to Encryption and validation.
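The same check can be made against a configuration file directly. The following is an added example, not part of the original page: it assumes the setting is stored as the protection attribute of system.web/authentication/forms in web.config, where the value All corresponds to Encryption and validation and is also the ASP.NET default when the attribute is omitted. The function name and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# ASP.NET applies protection="All" (encryption and validation) when the
# attribute, or the whole <forms> element, is omitted.
DEFAULT_PROTECTION = "All"

# Constructed sample web.config: the root scope weakens the cookie to
# validation only, "admin" relies on the default, "api" does not use Forms.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="Validation" />
    </authentication>
  </system.web>
  <location path="admin">
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="login.aspx" />
      </authentication>
    </system.web>
  </location>
  <location path="api">
    <system.web>
      <authentication mode="Windows" />
    </system.web>
  </location>
</configuration>
"""

def audit_forms_protection(config_xml):
    """Return (scope, protection, compliant) for each scope using Forms Authentication."""
    root = ET.fromstring(config_xml)
    # The root scope plus every <location path="..."> override.
    scopes = [("(root)", root)]
    scopes += [(loc.get("path", "."), loc) for loc in root.findall("location")]
    findings = []
    for scope, node in scopes:
        auth = node.find("system.web/authentication")
        if auth is None or auth.get("mode") != "Forms":
            continue  # Forms Authentication is not enabled at this scope
        forms = auth.find("forms")
        protection = DEFAULT_PROTECTION if forms is None else forms.get("protection", DEFAULT_PROTECTION)
        findings.append((scope, protection, protection == "All"))
    return findings

if __name__ == "__main__":
    for scope, protection, ok in audit_forms_protection(SAMPLE_WEB_CONFIG):
        print(f"{scope}: protection={protection} -> {'PASS' if ok else 'FAIL'}")
```

A file-level check like this does not see values inherited from parent configuration files, so a scope that has no authentication element of its own is not reported.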