Cookie Sharing with Internet Explorer 8 and the Starter Site

With Commerce Server 2007 and 2009, if you are using a site based on the Core API such as the Starter Site, you can set the site to share cookie domain level at 2. If you have the web application non-secure hostname (for example: NonSecName.testsite.com) set to a different name than secure host name (for example: SecName.testsite.com, same testsite.com), the cookie sharing works correctly in Internet Explorer 6 and 7 but not in Internet Explorer 8.

The symptom:
Anonymous user add items to cart, then switch the URL from the non-secure hostname to secure hostname by an action such as going to checkout, the items in the basket will disappear in Internet Explorer 8 for the same anonymous user.

Resolution:
For code based on the Starter Site, modify the Starter Site code before you set the site_identity cookie, set Cookie.Domain= “testsite.com”.

(App_Code/SiteSecurity.cs)
________________________________________________________________
public static HttpCookie CreateUserCookie()
{

cookie.Value = CommerceContext.Current.UserID;
if (!isAnonymousUser)
{
cookie.Value += "/" + HashValue(userProfile.EmailAddress);
}
cookie.Domain = "testsite.com";/*Jason: this is what I added*/
HttpContext.Current.Response.Cookies.Set(cookie);