ASP.NET supports cookieless forms authentication out of the box. You can configure it through the cookieless attribute of the <forms /> tag in the <authentication /> section:
<!– Detailed configuration options –>
The next table describes cookieless option possible settings in details:
If this configuration option is selected, cookies will not be used for authentication. Instead, the runtime encodes the forms authentication ticket into the request URL, and the infrastructure processes this specific portion of the URL for establishing the security context.