Hi, I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=VS.80).aspx. Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore. Any ideas as to which security update would have caused this and if its possible to rollback? I've looked at a few suggestions on this (e.g. Cross app on subdomain form authentication not working) and other sites but no luck so far Any help would be appreciated. Thanks