FormsAuthentication.SetAuthCookie not setting Path or Domain?

無奈伤痛 2021-01-12 12:10

I have a web app that can be installed on lots of domains and paths.

So:

  • client1Name.{mySite.com}
  • client2Name.{mySite.com}
  • <
2 Answers
  •  [愿得一人]
    2021-01-12 12:43

    The cookie is set at the domain level and is static. By default, the FormsAuthentication uses the TLD to set it, in this case {mySite.com}. In order to make it specific, you would have to tell it to use client1Name.{mySite.com}. In doing so, however, you would limit the cookie to that specific subdomain and the subdomain client2Name would no longer be able to access the cookie.

    The path of the cookie restricts the subfolder that the cookie applies to. In the case of FormsAuthentication, again the default is set to the root /. You can manually set it to something else, but again, by setting it to /prospect1Name, all other folders immediately lose access to the cookie.

    I'm not sure what behavior you are attempting to produce using these constraints, but it is unlikely that the cookie is the appropriate tool to do it. Mucking with the domain will limit the effectiveness of your authentication controls (unless that's precisely what you're trying to do).
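
The scoping rules described in the answer above, as an added example that is not part of the original question or answer: it implements the RFC 6265 domain-match and path-match checks a browser applies before sending a cookie. The host names, paths and function names are constructed for illustration, with `mysite.example` standing in for `{mySite.com}`.

```javascript
// Added example. Hosts and paths are constructed sample values;
// mysite.example stands in for the question's {mySite.com}.

// RFC 6265 section 5.1.3. hostOnly is true when no Domain attribute was set.
// Simplification: IP-literal hosts (which never suffix-match) are not handled.
function domainMatch(host, cookieDomain, hostOnly) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  if (hostOnly) return false;
  return h.endsWith("." + d); // suffix must start on a label boundary
}

// RFC 6265 section 5.1.4. The comparison is case-sensitive.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

function cookieIsSent(cookie, url) {
  const u = new URL(url);
  return domainMatch(u.hostname, cookie.domain, cookie.hostOnly) &&
         pathMatch(u.pathname, cookie.path);
}

const siteWide = { domain: "mysite.example", path: "/", hostOnly: false };
const tenantOnly = { domain: "client1name.mysite.example", path: "/", hostOnly: false };
const folderOnly = { domain: "mysite.example", path: "/prospect1Name", hostOnly: false };

function report() {
  const cases = [
    [siteWide, "https://client2name.mysite.example/"],
    [tenantOnly, "https://client1name.mysite.example/app"],
    [tenantOnly, "https://client2name.mysite.example/"],
    [folderOnly, "https://mysite.example/prospect1Name/login"],
    [folderOnly, "https://mysite.example/prospect2Name/"],
    [folderOnly, "https://mysite.example/prospect1name/login"], // case differs
    [folderOnly, "https://mysite.example/prospect1NameX"],      // not a subfolder
  ];
  return cases.map(([c, url]) =>
    `${c.domain}${c.path} -> ${url}: ${cookieIsSent(c, url) ? "sent" : "not sent"}`);
}

console.log(report().join("\n"));
```

The row whose path differs only in case is worth noting on IIS: the server treats URL paths case-insensitively, but the browser compares the cookie path exactly, so a differently cased link to the same folder arrives without the cookie.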
