The setDomainCookies attribute of the cfapplication tag is used to associate a specific domain with a cookie so that a user's session is stored at the domain level (for example, .site1.com). In ColdFusion MX 6.1, when using the cfapplication tag with the setDomainCookies attribute set to yes, the wrong domain may be set on multihomed servers. The first time a domain cookie is set, the domain is determined and is set appropriately. Subsequent requests, even if they are from a virtual web site in a different domain, are set to the same domain as the initial request.
For example, server1 hosts two web sites, site1.com and site2.com. A customer requests http://www.site1.com/index.cfm, which sets a domain cookie for site1.com. The customer then requests http://www.site2.com/index.cfm, which should set a separate domain cookie for site2.com. Instead, site1.com is used again.
When specifying the setdomaincookies attribute, the domain is determined by first obtaining the server name from the web server (CGI.SERVER_NAME in CFML). If the server name obtained is "localhost" or "127.0.0.1", there is no domain. Otherwise, the domain name is the full string after the first dot in CGI.SERVER_NAME. This process does not occur correctly in ColdFusion MX 6.1 on multihomed servers and is logged as issue 53797. This TechNote provides a hot fix for the issue.