re-generated every time IIS starts or every time the application process is recycled
(when the application pool is recycled). My guess is that IIS6 uses a static encryption key.
Therefore, if your application tries to decrypt a cookie saved before the last recycling,
the method FormsAuthentication.Decrypt() will raise the following exception:
System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
One solution is to add your own machine key in the web.config file in the section <system.web>.
<machineKey decryption="AES" decryptionKey="04BCBB3929F44DE6B7C0DD5C4A992A24E0E05565D5A718B59C3..." validation="SHA1" validationKey="40107878EFF79547946F85EE34808A7BDB9B7CB0EC2184029F1..." />
You can google "machinekey generator" to find an online application that will generate the XML for you.
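The keys can also be generated on the server itself, so that they are never seen by a third-party site. The PowerShell below is an added example, not code from the original post; the function names (New-HexKey, New-MachineKeyElement, Test-MachineKeyElement) and the key sizes (32-byte AES key, 64-byte validation key) are choices made for this example.

```powershell
# Added example: build a <machineKey> element from locally generated random keys
# and sanity-check an element before it goes into web.config.
# Function names and key sizes are assumptions made for this example.

function New-HexKey {
    param([Parameter(Mandatory = $true)][int]$ByteCount)
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # BitConverter yields "0A-1B-..."; strip the dashes to get plain hex.
    return [System.BitConverter]::ToString($bytes) -replace '-', ''
}

function New-MachineKeyElement {
    $decryptionKey = New-HexKey -ByteCount 32   # 64 hex chars, AES-256
    $validationKey = New-HexKey -ByteCount 64   # 128 hex chars for the SHA1 HMAC
    return ('<machineKey decryption="AES" decryptionKey="{0}" ' +
            'validation="SHA1" validationKey="{1}" />') -f $decryptionKey, $validationKey
}

function Test-MachineKeyElement {
    # Returns a list of problems found in a <machineKey> element (nothing = OK).
    param([Parameter(Mandatory = $true)][string]$Xml)
    $problems = @()
    $node = ([xml]$Xml).DocumentElement
    if ($node.Name -cne 'machineKey') { $problems += "element must be spelled 'machineKey'" }
    foreach ($attr in 'decryptionKey', 'validationKey') {
        $value = $node.GetAttribute($attr)   # XML attribute lookup is case-sensitive
        if (-not $value) { $problems += "$attr is missing (attribute names are case-sensitive)" }
        elseif ($value -match 'AutoGenerate') { $problems += "$attr is auto-generated, not fixed" }
        elseif ($value -notmatch '^[0-9A-Fa-f]+$' -or $value.Length % 2) { $problems += "$attr is not whole hex bytes" }
    }
    return $problems
}

$element = New-MachineKeyElement
$element                                   # paste this inside <system.web>
Test-MachineKeyElement -Xml $element       # prints nothing when the element is fine

# Constructed bad input: lower-cased names and auto-generated keys are both reported.
Test-MachineKeyElement -Xml '<machinekey decryptionkey="AutoGenerate" validationkey="AutoGenerate" />'
```

Treat the generated element as a secret: anyone holding both keys can forge or decrypt forms-authentication cookies for the application.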