Showing posts with label cookies. Show all posts

Sunday 13 March 2016

How Browser Cookies work in SharePoint

Overview:  SharePoint by default uses disk-based persistence using a FedAuth cookie.  Most enterprise clients have multiple applications and authentication providers.  Cookies can be set for session persistence in multiple ways, and as applications move toward SSO, unexpected cookie behaviour is becoming even more prevalent.

Thoughts:
  • Cookies that are responsible for authentication can be stored by the browser either on disk or in the session.
  • By default, SharePoint uses disk-based authentication for the user's session using the FedAuth cookie.  Switching to session based persistence should not be undertaken without considerable forethought.
  • Watch out for IE's odd behaviour relating to session whereby domain level permissions are passed down to sub-domains.
Chrome Developer Tools makes it easy to monitor cookies on sites: F12 > Application > Cookies > Choose the site to see the cookies


More Info:
http://erik.io/blog/2014/03/04/definitive-guide-to-cookie-domains 
http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx
https://blogs.msdn.microsoft.com/ie/2009/05/06/session-cookies-sessionstorage-and-ie8-or-how-can-i-log-into-two-webmail-accounts-at-the-same-time/

Saturday 27 November 2010

Change to session cookies for Claims Based Authentication

When you log into SharePoint using Claims Based Authentication, a cookie (FedAuth) is written to disk to persist your session, which saves you from having to authenticate each time you open a new browser or reboot.  So using a FedAuth cookie allows the browser to close and re-open windows as long as the FedAuth cookie has not expired.  For ADFS, the FedAuth cookie is by default set to expire 10 minutes earlier than the SAML token.

You can change the cookie to be session based by running this PowerShell script:

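# Load the farm's Security Token Service configuration
$sts = Get-SPSecurityTokenServiceConfig
# Issue FedAuth as a session cookie instead of writing it to disk
$sts.UseSessionCookies = $true
$sts.Update()
iisreset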

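You can revert to a disk-based cookie (the default) by running this:

# Reload the configuration so this also works in a new PowerShell session
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $false
$sts.Update()
iisreset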
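
To confirm which mode is in effect after the switch, look at the Set-Cookie header the site returns for FedAuth: a disk-based cookie carries an Expires or Max-Age attribute, a session cookie carries neither. The following is an added example, not part of the original post; the function name Get-CookiePersistence and the sample header values are constructed for illustration. It assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: classify Set-Cookie headers as session or disk (persistent) cookies.
# Get-CookiePersistence is a hypothetical helper name, not a SharePoint cmdlet.
function Get-CookiePersistence {
    param([Parameter(Mandatory = $true)][string[]]$SetCookieHeader)

    foreach ($header in $SetCookieHeader) {
        # First segment is name=value; the remaining segments are attributes.
        $parts = @($header -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $name, $value = $parts[0] -split '=', 2

        $attrs = @{}
        foreach ($p in ($parts | Select-Object -Skip 1)) {
            $k, $v = $p -split '=', 2
            $attrs[$k.ToLowerInvariant()] = $v   # flag attributes (secure, httponly) get $null
        }

        # Expires or Max-Age present: the browser persists the cookie to disk.
        # Neither present: the cookie lasts only for the browser session.
        $persistent = $attrs.ContainsKey('expires') -or $attrs.ContainsKey('max-age')

        [pscustomobject]@{
            Name     = $name
            Storage  = if ($persistent) { 'Disk' } else { 'Session' }
            Expires  = $attrs['expires']
            Domain   = $attrs['domain']      # empty means host-only scope
            Secure   = $attrs.ContainsKey('secure')
            HttpOnly = $attrs.ContainsKey('httponly')
        }
    }
}

# Constructed sample headers (not captured from a real farm):
# the first has an expiry (disk-based), the second has none (session-based).
$samples = @(
    'FedAuth=CONSTRUCTED-VALUE; expires=Mon, 14-Mar-2016 09:00:00 GMT; path=/; secure; HttpOnly',
    'FedAuth=CONSTRUCTED-VALUE; path=/; secure; HttpOnly'
)
Get-CookiePersistence -SetCookieHeader $samples | Format-Table -AutoSize
```

Paste the real Set-Cookie lines from the browser's network tab or Fiddler in place of the samples; the Domain column also shows whether a cookie is scoped to a parent domain and therefore sent to sub-domains.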

Show cookies on a local machine for Internet Explorer

IE > Internet Options > General > Browser history "Settings" > Temporary Internet Files "View files".

Update 2016/03/10
Tip:  I wanted to examine a cookie to check the user being authenticated, and I opened the cookie using a base64 online decoder https://www.base64decode.org/




Update: 2016/11/23
IE Developer tool bar and Fiddler are great, easy to use and pretty feature rich, but lately I have been using Chrome's Developer toolbar: press "Ctrl" + "Shift" + "i".