My Server does (Javaish): Cookie cookie = new Cookie("testcookie", "testvalue"); cookie.setDomain(".foo.com"); response.addCookie(cookie); Problem: Webkit (tested with Safari and Adobe AIR) does send this cookie to server bar.foo.com but *not* to baz.bar.foo.com which I believe it should according to the 'spec'. From http://wp.netscape.com/newsref/std/cookie_spec.html <snip> When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. "Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com". </snip>
I believe that which cookies to send may be handled by CFNetwork rather than WebKit in this instance.
This is certainly a bug below WebKit in closed source Apple system frameworks. Would you be willing to file it via http://bugreport.apple.com for Apple engineers to take a look?
Done. Filed new bug at http://bugreport.apple.com. Bug ID: 6046111 URL: https://bugreport.apple.com/cgi-bin/WebObjects/RadarWeb.woa/55/wo/CEXNtteGChlZIcmmyyorXw/16.57.20.0.3
Thank you! Now closing as INVALID per our process, this will continue to be tracked by Apple internally. <rdar://6046111>