What is Cookie Munging?
How it works?
When user requests page from server ASP.Net adds encoded session ID to every href in page. When user clicks a link ASP.Net decodes that encoded session ID and passes it back to the page the user is requesting. Now, the requesting page can use that ID to set or retrieve any session variables. This all happens automatically, if asp.net detects that the users browser do not support cookies.