FormsAuthentication.CookieDomain property


<br />



FormsAuthentication.CookieDomain property specifies the domain for which this cookie is valid. Overriding this property is useful if you want to enable the cookie to be used for more applications on your web server


A) I assume the quote is suggesting that if same browser is used to log onto two web applications, then overriding this property will cause these two applications to put their tickets into same authentication cookie?

B) Doesn’t above quote imply that if we only have one Asp.Net application running on our web server, then we don’t need to overwrite the default value (which is an empty string)?

But as far as I know, even if we only have one Asp.Net application running on our web server, we would still need to set this property to a value representing our domain, else forms authentication would not work?!


Correct. You don't need to override the value if you only have one application, but you don't need to set it either, it is worked out for you.

Really this is for situations where you may have one application on <a href="http://www.example.com" rel="nofollow noreferrer">http://www.example.com</a> and one on <a href="http://host1.example.com" rel="nofollow noreferrer">http://host1.example.com</a> - setting the cookie domain to example.com means they will share the same cookie.