I was helping to troubleshoot a problem with HttpWebRequest where a cookie came from the server but wasn't going back to the server.
The server (say www.foo.com) sends the cookie in the header of the response with attribute domain=www.foo.com. The .Net cookie class interprets this according to RFC 2965 and adds a period (dot) in front of the domain. So when we try to get the cookies for www.foo.com this cookie is not included. Specifying something like
The way I understand the RFC is that the domain should be foo.com instead of www.foo.com. However both IE and Firefox accepts this and sends the cookie back so no web server developer or tester would ever pick this up because the major browser works.