Reason to rename ASP.NET Session Cookie Name?

Question

is there any reason (safety?) why someone should rename the ASP.NET Session Cookie Name or is it just a senseless option of ASP.NET?

Answer 1

With cookie prefixes, you can add a security attribute to your cookie by naming it a special way. So in that case renaming your ASP.NET session cookie does have an impact on security:

• __Secure-… cookies can only be written from secure (HTTPS) sites.
• __Host-… cookies can only be written from the same, secure domain. So not from subdomains or insecure (HTTP) sites.