gah!
I've just wasted about 45 minutes mucking about with cookies in ASP to discover that most browsers will just discard any cookie whose domain field doesn't match its originator.
After thinking about it, this is pretty reasonable - as richardc pointed out - the owner of www.aaaa.com wouldn't want the owner of www.bbbb.org.ru setting a visitors cookie for www.aaaa.com to something - trampling over its legitimate values.
Unfortunately most of the pages (on asp) I have read on the 'net entirely neglect to mention this and even go so far as to reccomend specifying a domain different to the originator to pass values from site to site - one site even reccomends sending userids in urls!
The problem with working with ASP is that bad practice is so prevelent that you have to use worse practice to get around all the shortcuts and bodges that are rampant in ASP implementations and microsoft shops.
