Protecting Your Cookies: HttpOnly

Pretty neat solution. But this way, you are restricting the use of the cookie to HTTP. So you can’t use the cookie client side AND via XmlHTTPRequests…

So basically, why does one need a custom cookie? Why not just put the value in the ASP.NET Session? Like this:

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=ig2fac55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 26 Aug 2008 10:51:08 GMT
Content-Length: 2838
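As an added illustration (not code from the original post or its author) of what the HttpOnly flag in the Set-Cookie line above actually changes for page script: a small Set-Cookie parser and a check that lists the cookies a browser would still expose through document.cookie. The input is constructed: the ASP.NET_SessionId line from the response above, plus a hypothetical second cookie (userPref) set without the flag.

```javascript
// Added example, not part of the original post: parse Set-Cookie header
// lines and report which cookies page script could read via document.cookie.

// Constructed sample input: the Set-Cookie line from the response shown in
// the post, plus a hypothetical cookie set without HttpOnly.
const SAMPLE_SET_COOKIE_HEADERS = [
  "Set-Cookie: ASP.NET_SessionId=ig2fac55; path=/; HttpOnly",
  "Set-Cookie: userPref=dark; path=/",
];

// Parse one Set-Cookie line into { name, value, attributes }.
// Attribute names are case-insensitive (RFC 6265), so they are lower-cased;
// flag attributes such as HttpOnly carry no value and are stored as true.
function parseSetCookie(line) {
  const body = line.replace(/^set-cookie:\s*/i, "");
  const parts = body.split(";").map((p) => p.trim()).filter((p) => p.length > 0);
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq).trim();
  const value = eq === -1 ? "" : parts[0].slice(eq + 1).trim();
  const attributes = {};
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, value, attributes };
}

// Names of cookies that script on the page could read through
// document.cookie: browsers leave HttpOnly cookies out of that string.
function scriptReadableCookies(cookies) {
  return cookies
    .filter((c) => c.attributes.httponly !== true)
    .map((c) => c.name);
}

// Audit helper: given raw Set-Cookie lines, return the names of cookies set
// without HttpOnly, i.e. the ones an injected script (XSS) could exfiltrate.
function cookiesMissingHttpOnly(headerLines) {
  return scriptReadableCookies(headerLines.map(parseSetCookie));
}

// Stand-alone run over the constructed sample.
const parsed = SAMPLE_SET_COOKIE_HEADERS.map(parseSetCookie);
console.log("parsed cookies:", JSON.stringify(parsed));
console.log("readable from document.cookie:", scriptReadableCookies(parsed));
```

Running it shows the session cookie parsed with `httponly: true` and only `userPref` listed as readable from script; the same helper can be pointed at a real server's response headers to spot session cookies that were set without the flag.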