Forms Authentication across Sub-Domains on local IIS

Question

I know a cookie can be shared across multiple subdomains using the setting

Answer 1

localhost.users and localhost.host is cross domain. Cookies cannot be shared cross domain.

You could configure it like this so that the sub-domain differs but the root domain stays the same:

• users.localhost
• host.localhost

Now set the cookie domain in your web.config to localhost:

domain=".localhost"

and in your c:\Windows\System32\drivers\etc\hosts file add the following 2 entries:

127.0.0.1 users.localhost
127.0.0.1 host.localhost

Now you will be able to successfully share the authentication cookie between users.localhost and host.localhost.

Ah, and don't forget to put a step in your automated build process that will transform your web.config value to the correct root domain before shipping in production.