Microsoft Commerce Server 2002 and Commerce Server 2000 cannot host multiple domains that use the following:

• A host header
• The same content for multiple Commerce Server sites or multiple Commerce Server applications

If you specify multiple domain names that are based on the configured non-secure host name, authentication may fail. The number of shared domains and the Home directory configuration must be performed for each Commerce Server site or each Commerce Server application.

You may have a Commerce Server site that is configured as "One.domainname.com." That Commerce Server site is set to "2" for cookie sharing. The domain is correctly set for the cookie that is named "Domainname.com." However, if you configure a Commerce Server site as "Two.otherdomainname.biz," the Commerce Server site cannot be accessed by clients. In this case, Microsoft Internet Explorer continuously returns users back to the authentication pages.

The Commerce Server authfilter relies on the Csapp.ini file to obtain the Commerce Server site name that corresponds to the domain configuration. Therefore, a single Commerce Server site or a single Commerce Server application must correspond to a single Csapp.ini file. The Home directory and the Authfiles directory that you configure must not be shared.

Additionally, Internet Explorer cannot accept the cookie or process the cookie. This is true if the domain names do not match. This is the reason that authentication is requested again in the incorrect configuration.

Use a common domain naming format for a single domain name when it shares cookies in Commerce Server.

This behavior is by design.

For additional information about enabling cookie sharing across domains, visit the following Microsoft Developer Network (MSDN) Web site: