Cookie Sharing

With AuthFilter enabled, you can share cookies across multiple domains and applications to track users that are redirected to multiple domains and applications. Cookie sharing is accomplished by setting two properties on the cookie, **domain****and path. This resembles the following:

";domain=DomainName;path=Path"

The domain property is used to specify the domains for which the cookie is valid. The path property is used to specify the subset of URLs in the domain for which the cookie is valid.

Before sending a request, the client browser checks to see if a cookie is available containing a domain property that matches the tail of the fully qualified domain name of the host specified in the requested URL. If such a cookie exists, the path property of the cookie is compared to the path name component of the requested URL. If they match, the cookie is sent with the request.

On the server side, if the value of the domain property is not specified when the property is set, it defaults to the host name of the server that generated the cookie. Only hosts within the specified domain can set the domain property on the cookie. The most general path property is '/'. If the path property is not specified, it defaults to the path of the virtual directory of the IIS application that generated the cookie.

In Commerce Server 2002, each site creates its own cookies by default; however, AuthFilter allows these cookies to be shared.

This section contains:

• Enabling Cookie Sharing across Domains
• Enabling Cookie Sharing Across Applications

Copyright © 2005 Microsoft Corporation.
All rights reserved.