My main application, my forum, and the blog are all definitely running .NET 4.0 as my hosts won't let you differentiate within a single account. The reason I upgraded the blog is because I was forced to start using .NET 4.0 on the main application,
so the others had to fall in line. I may have been wrong in saying that I upgraded from 2.0 to 2.5, it may have actually been 1.6 to 2.5, but I don't think that's relevant.
All of my relevant config sections match as suggested by Microsoft to share cookies. Here are the typical steps I'm performing.
1. Login to parent application (login successful)
2. Navigate to forum (authentication recognized)
3. Navigate back to parent application (authentication recognized)
4. Navigate to blog (authentication not recognized)
5. Navigate back to parent application or forum (user has been logged-out). Look in cookies, original authentication cookie gone.
Basically any time I navigate to the blog my current cookie gets destroyed and a .ASPXANONYMOUS cookie is created. I can login to the blog directly, but the resulting cookie is not recognized by the parent application or the forum.
The only anomaly I've seen is that, if I login to my parent application only a single authentication cookie, CSWRFORMAUTH, is created. However, if I log into the blog directly, 2 cookies are created, 'CSWRFORMAUTH' & 'CSWRFORMAUTH-27604f05-86ad-47ef-9e05-950bb762570c',
not sure if that holds any clues.