Then in your web.config use an authentication section similar to the following:
<authentication mode="Forms"> <forms name="myCookie" timeout="20" loginUrl="Default.aspx" defaultUrl="Default.aspx" protection="All" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseDeviceProfile" domain="domain.com" enableCrossAppRedirects="true" /> </authentication>
Internet Explorer will only pass cookies from one site to another if they have the domain cookie attribute set; i.e. the Fully Qualified Domain Name is required. Moreover all GET/POST must use the FQDN, as any Response.Redirect. The reason behing this is security, to make sure that a cookie is not passed to another site, thus exposing to cookies stealing.
Carlo