Domain Name URLs use a fully qualified domain name in the URL name for a site. This may or may not include paths. For example, www.company.com is a fully qualified domain name. This strategy may also use a subdomain, such as one.company.com and two.company.com.

Because the entire fully qualified domain name is used across different servers that are accessing different domain names (for example a staging domain) the URL value must be transformed for use on other servers.

You can create a URL transformation rule for each server that takes the name of the staging site base URL and transforms it into the production site base URL. These transformed URLs are used for staging requests to site mappings, as well as across absolute URL links. For information on creating URL transformation rules, refer to the Platform Programming Guide.

Security Implications of Domain-based Site Context

If your Oracle ATG Web Commerce multisite application uses domains to determine site context, sharing session-scoped components will introduce the possibility of session hijacking for site visitors. A shared shopping cart is an example of a session-scoped component that will introduce this risk. When an application uses domains to determine site context, Oracle ATG Web Commerce must briefly include the session ID in site URLs. Oracle ATG Web Commerce has taken measures to reduce the risk of session hijacking posed by exposing the session ID. To eliminate the risk, do not use domains to determine site context.