ASP.net FormsAuthentication multiple domains spurious cookie created

mudasar8k

New Member
The company I work for has 2 domains that point at the same code base (the sites are basically the same but there are some theme and minor functionality differences): mydomain1.com and mydomain2.com. A user will either log in to one domain or the other and stay on that domain to use the app. To the user they are different applications. (I can't change any of that, it's a business decision and I inherited the problem.)

There is a child site cms.{either domain}.com which can be accessed from either domain and does share a cookie with the parent site on the domain that it was accessed from. If I only had 1 domain to worry about, I'd be able to put .mydomain1.com as the domain in the web.config files (for the `forms` node of the `authentication` section on both the main app and the CMS) and there wouldn't be any problem.

Instead I've been manually creating and expiring an authentication cookie, on which I set the domain value on the fly depending on where the user is coming from (.mydomain1.com or .mydomain2.com). I do this from the `MvcApplication_AcquireRequestState` event in Global.asax.cs (is this the right place?).

My problem is, there seems to be some kind of cookie refresh thing going on which doesn't call my cookie-creating code and it uses a null for the domain, thus leaving the domain value of the cookie up to the browser. So sometimes a cookie is created with the domain cms.mydomain1.com when it should have been just .mydomain1.com. (I have `slidingExpiration="true"` for both the main app and the CMS.)

Does anyone know where this cookie refresh thing is (which I assume is related to slidingExpiration) and how I can force FormsAuthentication to use my code when refreshing the cookie?
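An added example, not part of the original post and not the poster's code: one way to keep a refreshed cookie on the parent domain is to set the domain on every forms-authentication cookie the response is about to send, from `Application_EndRequest` in Global.asax.cs. It assumes the refresh comes from the framework reissuing the ticket under sliding expiration and adding it to `Response.Cookies`; the `ParentDomains` list and `CookieDomainFor` helper are hypothetical names, and the method would be merged into the existing `MvcApplication` class.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Security;

public class MvcApplication : HttpApplication
{
    // Parent domains named in the post. The cookie domain is picked from this
    // fixed list and never copied from the Host header, which the client controls.
    private static readonly string[] ParentDomains = { "mydomain1.com", "mydomain2.com" };

    // Hypothetical helper: "cms.mydomain1.com" or "mydomain1.com" -> ".mydomain1.com".
    // Returns null for any host that is not one of the known parents or a subdomain.
    internal static string CookieDomainFor(string host)
    {
        if (string.IsNullOrEmpty(host)) return null;
        string parent = ParentDomains.FirstOrDefault(d =>
            host.Equals(d, StringComparison.OrdinalIgnoreCase) ||
            host.EndsWith("." + d, StringComparison.OrdinalIgnoreCase));
        return parent == null ? null : "." + parent;
    }

    // Runs after authentication and the MVC action, while the buffered
    // response headers (including Set-Cookie) can still be changed.
    protected void Application_EndRequest(object sender, EventArgs e)
    {
        string domain = CookieDomainFor(Request.Url.Host);
        if (domain == null) return; // unknown host: leave cookies as issued

        string name = FormsAuthentication.FormsCookieName;

        // Walk by index: Response.Cookies[name] would create an empty cookie
        // when none is pending, and the collection can hold duplicates
        // (a manually issued cookie plus a framework-renewed one).
        for (int i = 0; i < Response.Cookies.Count; i++)
        {
            if (!string.Equals(Response.Cookies.GetKey(i), name,
                               StringComparison.OrdinalIgnoreCase)) continue;

            HttpCookie cookie = Response.Cookies[i];
            if (!string.Equals(cookie.Domain, domain, StringComparison.OrdinalIgnoreCase))
                cookie.Domain = domain; // covers a cookie renewed with no domain set
        }
    }
}
```

This only takes effect while the response is still buffered; once headers have been flushed, the domain of an already-sent cookie cannot be changed. The sign-out path has to expire the cookie with the same domain value, or the browser keeps the parent-domain cookie.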
 