I have a login cookie for www.mysite.com and several sub-domains, eg.:
- www.one.mysite.com
- www.two.mysite.com
- www.three.mysite.com
In IE only (firefox does not do this) if I log on in mysite.com, it appears as though that cookie is shared across all subdomains (logged in to all sites). If I log on using a subdomain (one.mysite.com), the cookie is not shared (only logged into one.mysite.com).
www.mysite.com and www.one.mysite.com share the same web.config file, and I don't mind them sharing a login cookie (it's the same site with a different url is all), but not across the rest of the sites.
How do I stop IE from sharing the cookie to all or some subdomains?
Can I do this just using the web.config file?
Update:
I'm using membership and role manager in my web.config file. In the above problem I have not set
<authentication mode="Forms"> <forms domain="...
As far as I can see,
<authentication mode="Forms"> <forms domain="mysite.com" ...
can either allow only one domain (www.mysite.com), or all subdomains (.mysite.com). I need a way to allow www.mysite.com and one subdomain. Is this possible?
Can I tell the other subdomains not to accept the .mysite.com cookie?