Authentication Cookies Behavior When Visiting Different Portals


The .DOTNETNUKE cookie, which is the default name for the forms authentication cookie, is stored for a specific domain (as specified in the web.config). When Portals share the same domain but a specific user only exists on one of them, there is a conflict as the cookie is present for the domain, even though invalid.


  • DB access / JIRA access


The default behavior when a user, which only exists on the parent domain visits a child domain, is as follows:

1. If the Child Portal shares the same domain as the Parent one - In this case as soon as the user visits the Child Portal (where the account isn't added yet), the authentication cookie will be removed, and the user will be logged out from the parent site as well. To resolve this, the user account needs to also be created/registered for the Child Portal.

2. If the Child Portal uses a different top-level domain - In this case, since authentication cookies are domain based there is no authentication cookie for the domain, and the authentication cookie will not be affected. However, to be able to log in to the child site, the account needs to be created/registered there as well.



Article is closed for comments.