Are there any security implications with removing the COOKIE_DOMAIN ?