By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html)
When working on localhost
, the cookie domain must be omitted entirely. You should not set it to ""
or NULL
or FALSE
instead of "localhost"
. It is not enough.
For PHP, see comments on http://php.net/manual/en/function.setcookie.php#73107.
If working with the Java Servlet API, don’t call the cookie.setDomain("...")
method at all.