Comment by recursive
8 hours ago
> The cookie spec RFC 6265 section 5.1.2 defines the host name in a way that makes it ignore trailing dots. Cookies set for a domain with a dot are valid for the same domain without one and vice versa.
Well... that's not what the browsers do. If you're logged in to HN, try it now. Add a dot to the host name. Cookie is gone. Remove the dot. It's back.
That wouldn't be the first time web browsers do something that's contrary to spec (and sanity).
Also, I think the section that was intended to be referenced was section 5.1.3.