I haven't an OpenACS install to hand, so this may not address your
particular problem - but was having some fun this morning with Moz
and cookies. It was (silently) refusing to set a cookie if there was
a domain specified and it didn't have the requisite two dots (e.g.
.foo.com rather than foo.com), although it would happily set a
cookie on foo.com so long as it wasn't specified in the header.
Looking at the 'spec'
on Netscape's site, it yabbers on
about two or three dots and offers some hokey rules for determining
what level is safe. The particular example they offer, though ...
A domain attribute of "acme.com" would match host names
"anvil.acme.com" as well as
"shipping.crate.acme.com"
... is what fails in Moz at present. (This morning's testing was
with
0.9.6 on Linux, but I've just tried in 0.9.9 too). For that
behaviour reasonably reliably it does work to set it on .acme.com,
which does still present the cookies back for the host 'acme.com'
too - even though that doesn't tail match the given domain (how true
is this in other browsers?). Urgh.
