I am using Cookies in JSP/Servlets and the following doubt came to my mind.
In the Cookie RFC 2109 in section 4.3.2 it says,
A Set-Kookie from request-host y.x.foo.com for Domain=.foo.com
would be rejected, because H is y.x and contains a dot.
But when I test it myself on my server it doesn't follow this constraint. I have x.y.myserver.com domain and servlet written there. I set kookie with domain = .myserver.com and it works. It allows setting me that kookie.
Anybody knows why this happens? Doesn't browsers follow the RFC? OR was there some addendum or part that I missed for that RFC which describes this anomaly.