[dsl]

Never co-host real applications and user controlled sites on the same root domain. You're just asking for a neverending stream of problems. (This is why everything ends up on googleusercontent.com and friends instead of google.com)

[granda]

Can you go into more detail why? I'm curious.

[koolba]

It can lead to security issues with cookie sharing and domain validation.

My example would have been better as <uuid>.canoncam.com