Tom, keep in mind that the string you tack on to the cookie does not mean anything, it's just a text string tacked on
to disambiguate the cookies for hosts that share a domain.
We probably want whatever it is we advertise to the outside world as our "real" url (param SystemURL I guess) but it
could just as easily be some constant hashed together with the server secret (which would then just work automatically for clusters with no risk of collisions).