I am trying to set up an internal-only web server of our production websites for QA and development testing. There is no need or intention to access this dev site from outside of the corporate network.
In production mode, the website is configured across multiple subdomains, and cookies are shared from site to site to share the ASP Session ID. This is the primary crux of my issue.
For example, in production we might have
login.example.com (handles user authentication requests)
settings.example.com (handles shared configurations)
product1.example.com (handles product specific functionality)
The closest thing I've been able to implement internally has been this, but...
qaserver:1234 -> login
qaserver:1235 -> settings
qaserver:1236 -> product1
...if the IIS 'cookie domain' setting is set to the host name, then users can log in with Firefox only (IE and Chrome do not store the cookie properly). In production they set the cookie domain to ".example.com", since everything is subdomained, it just works perfectly. If it is set to '.', then nobody can log in. I think there is a difference between how Chrome and IE handle cookies and how Firefox does, where Firefox does not care about the port numbers but the other browsers seem to care.
The qaserver machine is part of a local area domain. I have complete admin access to it, but not to any other machine (like the domain controller, firewalls, proxies, etc).
I only need the server accessible to the local area network, and the only real requirement is for cookies to work between the sites.
Can someone suggest a setting for the cookies to make them work across port numbers, or... Is it possible to use host header names to mimic the subdomaining used in production? I can install a DNS server on this machine, but I don't know much about how DNS works.
UPDATE:
The fix was to set the cookie domain to blank string. Our Web deploy process had restrictions on allowing that value to be set to blank, which is why I didn't try it.
