Updating the Domain in Forms Authentication Cookie

Question

I have an inherited application (let's call it app.mydomain.com) that I'm trying to update the domain in the cookie that gets set via the web.config. Currently, its something like this:

<authetication mode="Forms">
<forms loginUrl="~/" timeout="2880" cookieless="UseCookies" domain=".mydomain.com"/>
</authentication>

There is separate application at app2.mydomain.com also using forms authentication, and the cookie from the app.mydomain.com conflicts with it. The app2.mydomain.com correctly references the full domain in its forms authentication block so it works fine as long as the app.mydomain.com cookie isn't around. My plan was to simply change the .mydomain.com reference in the web.config to app.mydomain.com to resolve this conflict.

My question is how does that existing cookie on app.mydomain.com behave once that web.config is updated in production? Does it overwrite the existing cookie as it sees this update? Does the existing cookie stick around and have to be flushed out before the new one will take effect? Thanks in advance.

Answer 1

So I ended up approaching this a bit differently. It hadn't occurred to me, but it was setup this way to accommodate the app and api being on different subdomains. By setting it to .mydomain, both could access the authentication cookie. When I removed the domain attribute, I was able to login but threw me back to login right away. So I ended up keeping this application using this format (.mydomain), then changed the second application to use it as well. This allows for one login sets credentials that are accessible to both applications. I was just trying to resolve the cookie conflict, but this is even better.