james mckay dot net
because there are few things that are less logical than business logic

Fun with cookies

Encountered a rather bizarre problem this afternoon with ASP.NET forms authentication. We tried logging onto the KF beta website on one particular machine, only to find that it kept dumping us back into the login screen again! No indication of a password being rejected or anything. Tried it in Firefox. Same result. I then tried it on my own laptop, and it worked fine, in both IE and Firefox. Tried it on one of the Apple Macs, and it worked perfectly in Safari but gave the same anomalous behaviour in Internet Explorer. Even more confusingly, on another Mac it worked fine on both browsers!!!!

A little bit of rootling around soon uncovered the problem. The other day I made a change to the code so that if you logged on to one site you would log on to all of them. It does this by creating an authentication cookie using FormsAuthentication.GetAuthCookie() and altering the Domain property to our root domain, kingdomfaith.com, rather than simply using FormsAuthentication.RedirectFromLoginPage(), which gives a cookie specific to the subdomain.

The result of this was that browsers that had visited the beta site before I made the change were now storing two authentication cookies: one for kingdomfaith.com and one for the beta site. Obviously, the old, subdomain-specific cookie was hiding, or somehow interfering with the new, general one.

However, this puzzles me a bit. The cookie that was set for the subdomain had exactly the same functionality as the cookie for the root domain. So… why wasn’t it recognising it? Perhaps I’ll do some experimenting one of these days to try and find out, but since it was easily solved on the affected computers by deleting the offending cookies, I think that can be considered a priority 4 task (neither urgent nor important)…
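
The two-cookie state described above can be reproduced with a small model of RFC 6265 cookie matching. This is an added example, not code from the original post or the site. It assumes the ASP.NET default cookie name .ASPXAUTH, constructed ticket values, Path=/ for every cookie, and a server that reads the first cookie of a given name.

```python
from dataclasses import dataclass
from itertools import count

_tick = count()  # stand-in for cookie creation-time

@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    host_only: bool  # True when Set-Cookie carried no Domain attribute
    created: int

class Jar:
    """Minimal RFC 6265 cookie store; every cookie uses Path=/."""
    def __init__(self):
        self.cookies = []

    def set_cookie(self, host, name, value, domain=None, expire=False):
        dom = (domain or host).lstrip(".").lower()
        # Only a cookie with the same name AND domain is replaced or deleted.
        self.cookies = [c for c in self.cookies if (c.name, c.domain) != (name, dom)]
        if not expire:
            self.cookies.append(Cookie(name, value, dom, domain is None, next(_tick)))

    def header(self, host):
        def matches(c):
            if c.host_only:
                return host == c.domain
            return host == c.domain or host.endswith("." + c.domain)
        # Equal paths, so cookies go out oldest first (RFC 6265 section 5.4).
        sent = sorted((c for c in self.cookies if matches(c)), key=lambda c: c.created)
        return "; ".join(f"{c.name}={c.value}" for c in sent)

def first_value(header, name):
    """Assumed server behaviour: take the first cookie with this name."""
    for pair in header.split("; "):
        k, _, v = pair.partition("=")
        if k == name:
            return v
    return None

BETA, AUTH = "beta.kingdomfaith.com", ".ASPXAUTH"  # assumed default cookie name

def demo():
    jar = Jar()
    jar.set_cookie(BETA, AUTH, "OLD-TICKET")  # host-only cookie from before the change
    jar.set_cookie(BETA, AUTH, "NEW-TICKET", domain="kingdomfaith.com")  # after it
    before = jar.header(BETA)
    jar.set_cookie(BETA, AUTH, "", expire=True)  # expire only the host-only copy
    return before, jar.header(BETA)
```

Setting the root-domain cookie never overwrites the host-only one because the two differ in domain, so the stale copy stays in the jar until something expires it with a matching name and no Domain attribute.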