Stan,
Nope. That wasn't the problem. I patched that file the day I upgraded it. I'm 99% sure it's the SSL. My development machine runs the same code but doesn't have nsopenssl installed and the dev machine can read the cookies correctly. I'm going to poke around in the ACS 4.x code.