
Not without sending every user's equifax.com cookies to that outside agency's servers.



Hmm, point. Of course, there are tons of ways to get around that problem.


Can you share the best?


The first one that comes to mind would be to invalidate all existing cookies so that the ones accessible to the other server aren't useful. I wouldn't call that the "best" since invalidating cookies can be annoying for users, but I'm sure there are other ways.


If a user has a cookie for example.com (your domain) and types in vendor.example.com in the web browser, how would you invalidate these cookies before they are sent to the vendor? Or even after they are sent? I struggle a bit with seeing how this could be done in a secure manner.
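An added example, not part of the thread: a simplified model of the RFC 6265 scoping rule that decides which example.com cookies a browser attaches to a request for vendor.example.com. The cookie names, values and function names are constructed for illustration, and Path, Secure, expiry and public-suffix checks are left out.

```javascript
// Simplified RFC 6265 cookie scoping. Constructed sample data throughout.

// True if `host` is `domain` itself or a subdomain of it.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Parse one Set-Cookie header as received in a response from `requestHost`.
function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: requestHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: sent to the exact host only
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=").map((s) => s.trim());
    if (k.toLowerCase() === "domain" && v !== "") {
      cookie.domain = v.replace(/^\./, "").toLowerCase(); // leading dot is ignored
      cookie.hostOnly = false; // Domain attribute widens scope to subdomains
    }
  }
  // A server may only set cookies for its own host or a parent domain.
  if (!cookie.hostOnly && !domainMatches(requestHost, cookie.domain)) return null;
  // The __Host- prefix makes browsers reject the cookie if Domain is present.
  if (cookie.name.startsWith("__Host-") && !cookie.hostOnly) return null;
  return cookie;
}

function buildJar(headers, requestHost) {
  return headers.map((h) => parseSetCookie(h, requestHost)).filter(Boolean);
}

// Names of the cookies in `jar` that would accompany a request to `host`.
function cookiesSentTo(jar, host) {
  const h = host.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? h === c.domain : domainMatches(h, c.domain)))
    .map((c) => c.name);
}

// Constructed Set-Cookie headers, as if returned by example.com.
const SAMPLE_HEADERS = [
  "wide_session=aaa; Domain=example.com; Secure; HttpOnly",
  "host_session=bbb; Secure; HttpOnly",
  "__Host-sid=ccc; Path=/; Secure; HttpOnly",
  "__Host-bad=ddd; Domain=example.com; Path=/; Secure",
];
const jar = buildJar(SAMPLE_HEADERS, "example.com");
console.log("example.com        ->", cookiesSentTo(jar, "example.com"));
console.log("vendor.example.com ->", cookiesSentTo(jar, "vendor.example.com"));
```

Only the cookie set with `Domain=example.com` reaches the vendor host; one already stored that way stays in the browser until it expires or the server overwrites it with a Set-Cookie carrying the same name, domain and path.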



