WebSphere And Tivoli Tricks: Can a WebSphere Application Server cell span multiple DNS domains?

Monday, January 10, 2011

Can a WebSphere Application Server cell span multiple DNS domains?

Prior to WebSphere Application Server V6, the answer was no. When you configured WebSphere Application Server security, one of the items you needed to specify was the LTPA token SSO domain. If you left it blank, the domain of the LTPA token cookie was left blank, which meant that the cookie went back to the same host only. If you provided a value, the cookie domain was set to that value, and the cookie would then go back to hosts within the same DNS domain. This is the behavior required by the HTTP specification. The problem was that if your cell (or really the web servers) served requests for multiple DNS domains, there was no way to specify more than one domain. As of WebSphere Application Server V6, the SSO domain value specified to WebSphere Application Server can contain multiple DNS domains, so you can now specify all of the domains you need.
When WebSphere Application Server creates the cookie, it sets the domain value for the cookie (the HTTP spec allows for only one value) to the value from the inbound request that matches one of the configured domains.
Examples of valid domain names are ibm.com and tx.gov. Examples of invalid domain names are ibmus and state_tx.gov. Some users have experienced a problem with Internet Explorer (IE), in that IE 5 and IE 6 do not seem to accept the LTPA token when the domain defined in the SSO domain field is fewer than five characters, excluding the period, such as "cn.ca".
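The selection described above can be modelled in a few lines. This is an added example, not WebSphere code: the function names, the `;` separator, the `LtpaToken2` cookie name as used here, the label-boundary matching and the longest-match preference are assumptions of the sketch.

```python
import re

# One DNS label: letters, digits, hyphens; no underscore, no leading/trailing hyphen.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def is_valid_sso_domain(domain):
    """A usable cookie domain has at least two labels, each a valid DNS label."""
    labels = domain.lower().lstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)

def parse_sso_domains(setting, sep=";"):
    """Split the configured value (separator is an assumption) and reject bad entries."""
    domains = [d.strip().lower().lstrip(".") for d in setting.split(sep) if d.strip()]
    bad = [d for d in domains if not is_valid_sso_domain(d)]
    if bad:
        raise ValueError("invalid SSO domain(s): " + ", ".join(bad))
    return domains

def cookie_domain_for(host, domains):
    """Return the configured domain that matches the request host, or None.

    None means the cookie is emitted without a Domain attribute (host-only).
    Matching is on label boundaries, so 'notibm.com' never matches 'ibm.com'.
    """
    host = host.lower().split(":")[0].rstrip(".")
    matches = [d for d in domains if host == d or host.endswith("." + d)]
    # Prefer the longest (most specific) match to keep the cookie scope narrow.
    return max(matches, key=len) if matches else None

def set_cookie_header(host, domains, token="<opaque-token>"):
    """Build the Set-Cookie value; only one Domain attribute can be sent."""
    attrs = ["LtpaToken2=" + token, "Path=/", "Secure", "HttpOnly"]
    domain = cookie_domain_for(host, domains)
    if domain:
        attrs.insert(1, "Domain=." + domain)
    return "; ".join(attrs)

if __name__ == "__main__":
    configured = parse_sso_domains("ibm.com;tx.gov")  # constructed sample setting
    for h in ("www.ibm.com", "portal.tx.gov:9443", "notibm.com"):
        print(h, "->", set_cookie_header(h, configured))
```

Every host under a listed domain receives the token, so each entry added to the SSO domain list widens the set of servers that can see the cookie.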
