Set the cookie domain for a claims-aware application

Applies To: Windows Server 2003 R2

On a Web server that is running the Active Directory Federation Services (ADFS) Web Agent for claims-aware applications, you can use the cookie domain setting to share an application at a higher level than the domain level that is specified in the Federation Service Uniform Resource Identifier (URI). In this way, you can expand the scope of requests for which a cookie will be sent.

If you do not configure a cookie domain, cookies are sent only for requests where the domain that is specified matches the domain in the Federation Service URI. For example, if no cookie domain is set and the domain in the Federation Service URI is Sales.Adatum.com, cookies are sent only for requests where the request URL matches Sales.Adatum.com. However, if you set Adatum.com as the cookie domain, cookies are sent for Sales.Adatum.com and also for requests to any other domain with the suffix Adatum.com, such as Northwest.Adatum.com.

The cookie domain setting is configured in the ADFS Web Agent for an application. For a claims-aware application, configure the ADFS Web Agent in the Web.config file.

Administrative credentials

To complete this procedure, you must have read-write access to the Web.config file.

  1. In Notepad or another text editor, open the Web.config file that is in the Web application directory (typically \Inetpub\wwwroot\ApplicationName) on the Web server.

  2. Search for the opening tag string <cookies.

  3. In the current entry for <domain>, select the existing domain and replace it by typing the new domain name. If the <domain> entry does not exist, add the entry within the <cookies> tag, as follows:

    <domain>DNSDomainName</domain>

  4. Save and close the Web.config file.
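
To check the scope that a cookie domain value produces, the following added example (not part of the original documentation) reads the <domain> entry from a constructed Web.config fragment and lists which host names fall inside that scope, using the standard cookie domain-match rule from RFC 6265, under which the suffix must begin at a label boundary. The function names, the bare <configuration> wrapper, and every host name other than Sales.Adatum.com and Northwest.Adatum.com are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only <cookies> and <domain> come from the procedure above;
# the bare <configuration> wrapper just makes the fragment well-formed.
SAMPLE_WEB_CONFIG = """<configuration>
  <cookies>
    <domain>Adatum.com</domain>
  </cookies>
</configuration>"""

# Sales and Northwest are the page's examples; the rest are constructed edge cases.
HOSTS = ["Sales.Adatum.com", "Northwest.Adatum.com", "Adatum.com",
         "NotAdatum.com", "Adatum.com.example.net"]


def read_cookie_domain(web_config_xml):
    """Return the <domain> value inside <cookies>, or None when it is not set."""
    node = ET.fromstring(web_config_xml).find(".//cookies/domain")
    text = (node.text or "").strip() if node is not None else ""
    return text or None


def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: same name, or host ends with '.' + cookie domain."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def hosts_in_scope(hosts, cookie_domain, fs_uri_host):
    """List the hosts whose requests would carry the cookie.

    With no cookie domain, only the Federation Service URI host matches,
    as the page describes.
    """
    if cookie_domain is None:
        return [h for h in hosts if h.lower() == fs_uri_host.lower()]
    return [h for h in hosts if domain_match(h, cookie_domain)]


if __name__ == "__main__":
    configured = read_cookie_domain(SAMPLE_WEB_CONFIG)
    for label, domain in (("no cookie domain", None), (configured, configured)):
        print(label, "->", hosts_in_scope(HOSTS, domain, "Sales.Adatum.com"))
```

Replace HOSTS with the host names that actually exist under the parent domain to see every server that would receive the cookie once the broader domain is saved.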

See Also

Concepts

Set the cookie path for a claims-aware application