My application was written in ASP.NET 3.5 due to server limitations at the time, and so some of the newer encryption methods were not available to me. I found this clever solution to encrypt my cookie data string and used it.
This code works fine if you are within the same domain, but my apps were on two different subdomains. The servers were different OSs and the applications themselves were different versions of .NET: one was ASP.NET 3.5 and the other was ASP.NET 4.0, which apparently encrypt and decrypt data completely differently, so even though my cookie was encrypted in the 3.5 app, the 4.0 app couldn't decrypt it.
You have to use a common machine key between the applications. That's understandable, but when the apps run on different .NET versions you also have to tell the machine key which Framework to use, so that both apps encrypt and decrypt cookies at the same level. Set the compatibilityMode attribute on the machineKey node in your web.config to the same value in both web applications. Below is the example. I had to use Framework20SP2 since one of my apps was 3.5. See Microsoft's article for additional frameworks.
<machineKey validationKey="NumbersHere" decryptionKey="MoreNumbersHere" validation="EncryptionMethodHere (e.g. AES, SHA1, HMACSHA256, etc.)" decryption="DecryptionMethodHere (e.g. AES, DES, Auto, etc.)" compatibilityMode="Framework20SP2" />
Voila! Success encrypting a cookie between sites on subdomains with differing versions of ASP.NET.
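A pre-deployment check for the setup described above, as an added example that is not code from the original post: it compares the machineKey element of two web.config files and reports every attribute that differs, without echoing key material. The function names and both sample configs (with placeholder keys) are constructed for illustration, and it assumes the configuration root carries no XML namespace.

```python
import xml.etree.ElementTree as ET

# Attributes that must match for both apps to read each other's cookies.
SHARED_ATTRS = ("validationKey", "decryptionKey", "validation",
                "decryption", "compatibilityMode")
SECRET_ATTRS = ("validationKey", "decryptionKey")

# Constructed sample configs (placeholder keys, not real key material).
APP_35 = """<configuration><system.web>
  <machineKey validationKey="AAAA" decryptionKey="BBBB" validation="SHA1"
              decryption="AES" compatibilityMode="Framework20SP2" />
</system.web></configuration>"""
APP_40 = """<configuration><system.web>
  <machineKey validationKey="AAAA" decryptionKey="BBBB" validation="SHA1"
              decryption="AES" />
</system.web></configuration>"""


def machine_key(config_xml):
    """Return the attributes of <system.web>/<machineKey>, or {} if absent."""
    node = ET.fromstring(config_xml).find("./system.web/machineKey")
    return dict(node.attrib) if node is not None else {}


def compare(config_a, config_b):
    """List human-readable mismatches; key material is never echoed."""
    a, b = machine_key(config_a), machine_key(config_b)
    problems = []
    for name in SHARED_ATTRS:
        va, vb = a.get(name), b.get(name)
        if name in SECRET_ATTRS:
            for label, value in (("A", va), ("B", vb)):
                # AutoGenerate (the default) gives each app its own key.
                if value is None or "AutoGenerate" in value:
                    problems.append(f"{name}: app {label} has no explicit key")
            if va != vb:
                problems.append(f"{name}: values differ")
        elif va != vb:
            problems.append(f"{name}: {va or '(not set)'} vs {vb or '(not set)'}")
    return problems


if __name__ == "__main__":
    for line in compare(APP_35, APP_40) or ["machineKey settings match"]:
        print(line)
```

Run against the two constructed configs, it flags the 4.0 app's missing compatibilityMode, the mismatch this post is about.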