System and method for graduated security in user authentication
US-9195820-B2 · Nov 24, 2015 · US
US9268931B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9268931-B2 |
| Application number | US-201213596898-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 28, 2012 |
| Priority date | Jun 12, 2012 |
| Publication date | Feb 23, 2016 |
| Grant date | Feb 23, 2016 |
Official abstract text for this publication.
A method for sign-on and sign-out for a computer system. The method includes receiving a first sign-on request for the computer system and obtaining, from the first sign-on request, a first user identifier where the first user identifier corresponds to a first user for the computer system. The method then includes obtaining, from the first sign-on request, a first uniform resource locator (URL) and determining whether the first URL includes a first root name for the computer system. When a determination is made that the first URL includes the first root name for the computer system a first cookie associated with the first user is issued and a first sub-domain name is obtained from the first URL. Also, a second cookie may be issued associated with the first sub-domain name and, when the first cookie and the second cookie are issued, the first user may sign-on to the computer system. In one or more embodiments, the method may include receiving a sign-out request.
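The root-name branch of the sign-on and sign-out flow described above, as an added Python example that is not taken from the patent or its assignee. It shows why the root-name test should match the host on a label boundary and why a sub-domain cookie alone does not sign a user on. Assumptions: `ROOT_NAME`, `KEY`, all function names, a plain dict standing in for the cookie store, and HMAC-SHA256 as one possible "cryptographic representation" of the user identifier.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ROOT_NAME = "hosting.example"   # assumed root name of the computer system
KEY = b"constructed-demo-key"   # assumed server-side secret, constructed for the demo

def signed_value(user_id):
    """Cookie value: user identifier plus an HMAC of it (assumed construction)."""
    tag = hmac.new(KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"

def verify(value):
    """Return the user identifier if the MAC is valid, else None."""
    user_id = value.rpartition(".")[0]
    ok = user_id and hmac.compare_digest(signed_value(user_id).encode(), value.encode())
    return user_id if ok else None

def subdomain_of(url):
    """Sub-domain under ROOT_NAME, '' for the root itself, None if outside it.
    Matching on a label boundary rejects hosts that merely contain the name."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == ROOT_NAME:
        return ""
    suffix = "." + ROOT_NAME
    return host[: -len(suffix)] if host.endswith(suffix) else None

def sign_on(cookies, user_id, url):
    """Issue the first (user) cookie and a cookie for the URL's sub-domain."""
    sub = subdomain_of(url)
    existing = cookies.get("root")
    if sub is None or (existing and verify(existing) != user_id):
        return False
    cookies["root"] = signed_value(user_id)
    cookies.setdefault("subs", {})[sub] = signed_value(user_id)
    return True

def signed_in_user(cookies, url):
    """A user is signed on only if both cookies verify to the same identifier."""
    sub = subdomain_of(url)
    user = verify(cookies.get("root", ""))
    if sub is None or user is None:
        return None
    return user if verify(cookies.get("subs", {}).get(sub, "")) == user else None

def sign_out(cookies, user_id, url):
    """Same user, URL under the root name: clear the first cookie, expire the rest."""
    if subdomain_of(url) is None or verify(cookies.get("root", "")) != user_id:
        return False
    cookies.clear()  # the claimed expiry timer is collapsed to immediate removal
    return True
```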
Opening claim text (preview).
What is claimed is:
1. A method for sign-on and sign-out for a computer system, the method comprising: on a server computer, receiving a first sign-on request for the computer system; obtaining, from the first sign-on request, a first user identifier, the first user identifier corresponding to a first user for the computer system; obtaining, from the first sign-on request, a first uniform resource locator (URL); determining whether the first URL includes a first root name for the computer system; and when a determination is made that the first URL includes the first root name for the computer system: issuing a first cookie; associating the first cookie with the first user; obtaining a first sub-domain name from the first URL; issuing a second cookie, the second cookie being different from the first cookie; associating the second cookie with the first sub-domain name; and when the first cookie and the second cookie are issued, signing-on the first user to the computer system; after the first user is signed into the computer system, receiving a sign-out request for the computer system; obtaining, from the sign-out request, a second user identifier; obtaining, from the sign-out request, a second URL; determining whether the second user identifier is the same as the first user identifier; determining whether the second URL includes the first root name; when a determination is made that the second user identifier is the same as the first user identifier and when it is determined that the second URL does not include the first root name: obtain the second cookie from the server computer; obtain the first domain name from the second cookie; obtain the first cookie using the first domain name; clear the first cookie; determine whether the second cookie includes any additional sub-domain names for which cookies have not been cleared; and when a determination is made that the second cookie does not include any additional sub-domain names for which cookies have not been cleared, clear the second cookie.
2. The method of claim 1, wherein the first cookie includes the first user identifier and a cryptographic representation of the first user identifier.
3. The method of claim 1, wherein the second cookie includes the first user identifier and a cryptographic representation of the first user identifier.
4. The method of claim 1, further comprising: after the first user is signed in to the computer system, receiving a sign-out request for the computer system; obtaining, from the sign-out request, a second user identifier; obtaining, from the sign-out request, a second URL; determining whether the second user identifier is the same the first user identifier; determining whether the second URL includes a second root name; and when a determination is made that the second user identifier is the same as the first user identifier and when a determination is made that the second root name is the same as the first root name, clearing the first cookie, the clearing of the first cookie signing the first user out of the computer system.
5. The method of claim 4, further comprising: after the sign-out request is received, initiating an expiration of the second cookie.
6. The method of claim 4, wherein initiating an expiration of the second cookie comprises, starting a timer to time-out the second cookie.
7. The method of claim 1 further comprising: receiving a second sign-on request for the computer system; obtaining, from the second sign-on request, a third user identifier; obtaining, from the second sign-on request, a third URL for the second sign-on request; determining whether the third URL includes the first root name for the computer system; and when a determination is made that the third URL includes the first root name: determining whether the third user identifier is the same as the first user identifier; and when it is determined that the third user identifier is the same as the first user identifier: obtaining a second sub-domain name from the third URL; issuing a third cookie, the third cookie being a cookie; and associating the third cookie with the second sub-domain name.
8. The method of claim 7, wherein the third cookie includes the first user identifier and a cryptographic representation of the first user identifier.
9. The method of claim 7, further comprising: receiving a sign-out request; and after the sign-out request is received, clearing the first cookie and initiating an expiration of the second cookie and the third cookie, the clearing of the first cookie signing the first user out of the computer system.
10. The method of claim 1, wherein the computer system is a multi-tenant computer system.
11. The method of claim 10, wherein the first sub-domain name corresponds to a tenant website hosted on the multi-tenant computer system.
12. The method of claim 1, further comprising, after the first user is identified: determining whether the first user is signed-in to the computer system; and when it is determined that the first user is not signed-in to the computer system, redirecting the first sign-on request to a sign-on service.
13. A method for sign-on and sign-out for a computer system, the method comprising: on a server computer, receiving a first sign-on request for the computer system; obtaining, from the first sign-on request, a first user identifier, the first user identifier corresponding to a first user for the computer system; obtaining, from the first sign-on request, a first uniform resource locator (URL); determining whether the first URL includes a first root name for the computer system; when a determination is made that the first URL does not include the first root name for the computer system: obtain a first domain name from the first URL; issuing a first cookie, the first cookie being a cookie; associating the first cookie with the first domain name; issuing a second cookie; storing in the second cookie, the first domain name; and when the first cookie and the second cookie are issued, signing-on the first user to the computer system; after the first user is signed into the computer system, receiving a sign-out request for the computer system; obtaining, from the sign-out request, a second user identifier; obtaining, from the sign-out request, a second URL; determining whether the second user identifier is the same as the first user identifier; determining whether the second URL includes the first root name; when a determination is made that the second user identifier is the same as the first user identifier and when it is determined that the second URL does not include the first root name: obtain the second cookie from the server computer; obtain the first domain name from the second cookie; obtain the first cookie using the first domain name; clear the first cookie; determine whether the second cookie includes any additional sub-domain names for which cookies have not been cleared; and when a determination is made that the second cookie does not include any additional sub-domain names for which cookies have not been cleared, clear the second cookie.
14. The method of claim 13, further comprising: on the server computer, receiving a second sign-on request for the computer system; obtaining, from the second sign-on request, a second user identifier, the second user identifier corresponding to a second user for the computer system; obtaining, from the second sign-on request, a second uniform resource locator (URL); determining whether a second URL includes the first root name for the computer sy
providing single-sign-on or federations · CPC title
where a single sign-on provides access to a plurality of computers · CPC title