NO my dear friend Imar: Yes! u r right but I didnt meant that!
I didnt know how is he going to validate user so I guess he is using ASP.net AUTHENTICATION! So i that case he didnt need to read the cookies diractly & ... does he?!
in other case cookie can not be a good was to contol user authentication isnt it?!
sorry for my bad response.
Always:),
Hovik Melkomian.