This article was previously published under Q310415
This article has been archived. It is offered "as is" and will no longer be updated.
When you use mobile forms authentication, requests are not redirected to the page that is specified in the loginUrl attribute.
Mobile forms authentication is built on the ASP.NET forms authentication platform. A security issue exists when multiple Web applications are using mobile forms authentication with the same cookie name, keys, and (or) cookie path. In this scenario, it is possible to be authenticated in one application and to make a request to the other application without being redirected to the logon page for authentication. However, authorization rules still apply, which means that even though the user is authenticated on the second application (even though the user did not explicitly log on), the user may still be denied access to a resource because of the configuration.
To resolve this behavior, use one of the following methods:
Provide a different value for the name attribute of the <form> element in the Web.config files: