Forms Authentication is a built-in and extensible system for authenticating users in an ASP.Net application that also maintains that authenticated session via a ticket (often stored as a cookie or query string parameter).
Forms authentication
uses an authentication ticket that is created when a user logs on to a site, and then it tracks the user throughout the site. The forms authentication ticket is usually contained inside a cookie. However, ASP.NET version 2.0 supports cookieless forms authentication, which results in the ticket being passed in a query string.
Source from : Form authentication microsoft