You can modify the behavior of the forms-based authentication by defining that behavior within a forms section in the web.config file.
See how it happens:
I specifically want to point out this part :
UseCookies requires that all requests have the credentials stored in a cookie. AutoDetect auto-determines whether the details are stored in a cookie on the client or within the URI (this is done by sending a test cookie first). Finally, UseUri forces ASP.NET to store the details within the URI on all instances.