Cookies with and without the Domain Specified (browser inconsistency)

Question

I\'ve noticed that there are some real inconsistencies between browsers in terms of cookies.

This is going to be rather long so bear with me.

Note:

Answer 1

@WilliamBZA's suggestion helped solve the initial problem, but then signout/session timeout bug that results in the cookie creating an implicit domain cookie has made me come to the conclusion that the solution is...

Don't use Explicit cookies in .NET... ever

There are far too many problems, sure they can be solved by being explicit on the Form/Domain, Cookie/Domain, etc. To ensure that the correct domain is used everywhere. But if your application hosts multiple domains or is multi tenant, then it just becomes too problematic.

Lesson is learnt. Don't use explicit cookies.

Answer 2

Can't help with why the cookies are treated differently, but a quick fix would be to use a different cookie name per sub-application rather than using the domain of the cookie.

In the case of Forms Authentication, change the name of the ASPXAUTH cookie.