2.2.3 .ASPXAUTH Cookie

If a user's interactions with the HTML login URL have allowed the TSWPP server to establish the user's identity, the remote server SHOULD generate a cookie that identifies the user and allows authentication to the server. The contents of the cookie SHOULD be signed and encrypted. The specific implementation of this cookie, including the signing and encryption algorithms, is dependent on the implementation of the TSWPP server, because only the server is required to parse the contents of the cookie. If the server implements the cookie, then the cookie MUST be returned in an HTTP payload with a Content-Type of "application/x-msts-webfeed-login".
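
The following is an added illustration, not part of the specification and not the code of any TSWPP server, of one way a server could issue and later validate such an opaque cookie. The AES-256-GCM construction, the JSON claim layout, the expiry field, the use of the payload body to carry the value, and the helper names `issue_cookie`, `read_cookie` and `login_response` are all assumptions; only the Content-Type value and the cookie name come from the text above.

```ruby
require 'openssl'
require 'json'

CONTENT_TYPE = 'application/x-msts-webfeed-login' # value from the specification text
COOKIE_NAME  = '.ASPXAUTH'                        # used here as AEAD associated data

# Hypothetical helper: seal the identity and an expiry time into an opaque value.
# AES-256-GCM is an assumed choice; it encrypts and authenticates in one pass.
def issue_cookie(key, user, ttl: 3600, now: Time.now.to_i)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv            # fresh 96-bit nonce for every cookie
  cipher.auth_data = COOKIE_NAME   # binds the ciphertext to this purpose
  body = cipher.update(JSON.generate('user' => user, 'exp' => now + ttl)) + cipher.final
  [iv + cipher.auth_tag + body].pack('m0') # strict Base64, no line breaks
end

# Hypothetical helper: return the user name, or nil for anything malformed,
# modified, sealed under another key, or expired.
def read_cookie(key, value, now: Time.now.to_i)
  raw = value.unpack1('m0')        # raises ArgumentError on invalid Base64
  return nil if raw.bytesize < 29  # 12-byte nonce + 16-byte tag + at least 1 byte
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = key
  decipher.iv = raw[0, 12]
  decipher.auth_tag = raw[12, 16]
  decipher.auth_data = COOKIE_NAME
  plain = decipher.update(raw[28..-1]) + decipher.final # final raises if the tag fails
  claims = JSON.parse(plain.force_encoding('UTF-8'))
  claims['exp'] > now ? claims['user'] : nil
rescue ArgumentError, OpenSSL::Cipher::CipherError, JSON::ParserError
  nil
end

# Hypothetical helper: the login response as [status, headers, payload].
def login_response(key, user)
  [200, { 'Content-Type' => CONTENT_TYPE }, issue_cookie(key, user)]
end
```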