WebApp Sec: IIS session cookies

[Cade Cairns <cairnsc () securityfocus com>]

Hello webappsec,

I'm looking for information on how IIS session cookies are formed (that
is, what data they consist of or how they are encoded, etc.)  Is anyone
aware of any papers or resources on the subject?

Thanks,

Cade Cairns
Symantec Corporation