Cookie Sharing

Users can be tracked across multiple domains and applications by sharing cookies. Cookie sharing is accomplished by setting two properties on the cookie, **domain** and **path**. This resembles the following:

      ";domain=DomainName;path=Path"

The domain property is used to specify the domains for which the cookie is valid. The path property is used to specify the subset of URLs in the domain for which the cookie is valid.

Before sending a request, the client browser checks to see if a cookie is available containing a domain property that matches the tail of the fully qualified domain name of the host specified in the requested URL. If such a cookie exists, the path property of the cookie is compared to the path name component of the requested URL. If they match, the cookie is sent with the request.

On the server side, while setting the property, if the value of the domain property is not specified, it defaults to the host name of the server that generated the cookie. Only hosts within the specified domain can set the domain property on the cookie. The most general path property is '/'. If the path property is not specified, it defaults to the path of the virtual root of the IIS application that generated the cookie. For more information about cookie sharing, see http://www.cis.ohio-state.edu/htbin/rfc/RFC2109.html.
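The matching and defaulting rules above, as an added example (not Commerce Server code and not part of the original page): a simplified JavaScript model of the browser's decision, showing which requests receive a cookie when the path is application-scoped, when it is widened to '/', and when the domain is widened as well. Host names, paths and cookie names are constructed; the host-only handling and the segment-boundary path check follow current browser behaviour (RFC 6265) rather than RFC 2109.

```javascript
// Added example: simplified model of the client-side matching described above.
// Hosts, paths and cookie names are constructed for illustration.

// Tail match: the cookie domain equals the host or is a dot-delimited suffix of it.
function domainMatches(cookieDomain, requestHost) {
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  const h = requestHost.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Path match: the cookie path is a prefix of the request path. The boundary
// check (so "/retail" does not match "/retailadmin") is the RFC 6265 rule.
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === "/" || requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Server-side defaults from the text: no domain -> the host that generated the
// cookie (treated as host-only); no path -> the application's virtual root.
function makeCookie(name, setByHost, appRoot, attrs = {}) {
  return { name, domain: attrs.domain || setByHost, hostOnly: !attrs.domain, path: attrs.path || appRoot };
}

// Names of the cookies in the jar that would accompany a request for `url`.
function cookiesSentTo(jar, url) {
  const { hostname, pathname } = new URL(url);
  return jar
    .filter(c => (c.hostOnly ? hostname === c.domain : domainMatches(c.domain, hostname)) && pathMatches(c.path, pathname))
    .map(c => c.name);
}

const jar = [
  makeCookie("appScoped", "shop.example.com", "/retail"),
  makeCookie("hostWide", "shop.example.com", "/retail", { path: "/" }),
  makeCookie("domainWide", "shop.example.com", "/retail", { domain: ".example.com", path: "/" }),
];

const requests = [
  "http://shop.example.com/retail/basket.asp",
  "http://shop.example.com/supplier/default.asp",
  "http://shop.example.com/retailadmin/",
  "http://partner.example.com/",
  "http://badexample.com/",
];
for (const url of requests) console.log(url, "->", cookiesSentTo(jar, url));
```

Each widening step adds recipients: every application and host that matches the shared cookie also receives its value.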

In Commerce Server 2000, each site has its own cookies by default; however, the AuthFilter allows these cookies to be shared.

To share cookies between sites in the same domain, set the b_CookiePath_ApplicationScope property to False (uncheck the "Set cookie path to application" check box in the Commerce Server Manager user interface). This causes the host to set the path property to '/'. If the b_CookiePath_ApplicationScope property is True, the path property is set to the current application path.

To share cookies between domains, set the u_CookieDomain_Scope property ("Number of shared domain levels" in the Commerce Server Manager user interface) to the required number. For more information, see RFC2109.

