The intranet home page application/website is currently set to anonymous. one application contains some code that must run in a directory that is locked down with Windows Authentication , so we created a new subsite with WindsAuth enabled.
Now the subsite code must be able to pass information in the PHP session to the parent application in the web root. the session contents of code running in a subsite are inaccessible to application code running within the web root.
the work-around right now is to move the whole parent application into the subsite. This work-around has managed to alleviate this issue in the past. However in this case we are unable to move the parent application into a subsite because the application is
the home page for the intranet website.
what is the downside of changing anonymous to windows auth?