Authentication Cookie #2

Open
BartoGabriel opened this issue Sep 20, 2022 · 0 comments

BartoGabriel commented Sep 20, 2022

Hello. First of all, thank you very much for the project; it has been very useful to me.

I wanted to propose saving the authentication information in the cache memory, taking advantage of the fact that the memory is already used to store the tokens. This would make the authentication cookies much smaller.

Code

    builder.Services
        .AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(setup =>
        {
            setup.SessionStore = new MemoryCacheTicketStore(TimeSpan.FromMinutes(60));
            setup.ExpireTimeSpan = TimeSpan.FromMinutes(60);
            setup.SlidingExpiration = true;
        })

Where MemoryCacheTicketStore would be in charge of saving the data in the cache and obtaining it. I can share the code.

Before:

image

After:

image

Secondly

You could stop using the session (AddSession), to handle the saving of tokens. With this approach of putting the SessionStore on the server side, the tokens could be saved in the user's claims and with a single cookie (the authentication one) all the user's data would be obtained.

What it wouldn't cover are users who aren't authenticated, but since they don't have a token it doesn't make sense to store anything.

Is my thinking correct or am I missing something?

image
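The issue names a `MemoryCacheTicketStore` but does not include its code. The following is an added sketch of such a store, not the issue author's or the project's implementation: it implements ASP.NET Core's `ITicketStore` over a private `MemoryCache`, and the key prefix, key length and expiry handling are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical implementation of the MemoryCacheTicketStore named in the issue.
public sealed class MemoryCacheTicketStore : ITicketStore
{
    private const string KeyPrefix = "AuthTicket-"; // assumed prefix
    private readonly IMemoryCache _cache = new MemoryCache(new MemoryCacheOptions());
    private readonly TimeSpan _slidingExpiration;

    public MemoryCacheTicketStore(TimeSpan slidingExpiration) =>
        _slidingExpiration = slidingExpiration;

    public async Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // Only this key goes into the cookie, so it must be unguessable:
        // 32 bytes from the OS CSPRNG, never a user id or a counter.
        var key = KeyPrefix + Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        await RenewAsync(key, ticket);
        return key;
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        var options = new MemoryCacheEntryOptions { SlidingExpiration = _slidingExpiration };
        // Never keep a ticket on the server past the expiry the cookie handler gave it.
        if (ticket.Properties.ExpiresUtc is DateTimeOffset expires)
            options.AbsoluteExpiration = expires;
        _cache.Set(key, ticket, options);
        return Task.CompletedTask;
    }

    public Task<AuthenticationTicket?> RetrieveAsync(string key)
    {
        // A missing or evicted entry yields null, which the handler treats as unauthenticated.
        _cache.TryGetValue(key, out AuthenticationTicket? ticket);
        return Task.FromResult(ticket);
    }

    public Task RemoveAsync(string key)
    {
        // Called on sign-out: the session is revoked server-side even if the cookie is replayed.
        _cache.Remove(key);
        return Task.CompletedTask;
    }
}
```

Because the tickets live in process memory, every session is lost on restart and is not visible to other instances behind a load balancer.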
