Or, "The evilest underscore: a tale of woe." Did you know that the underscore character ( _ ) is technically not valid for domain names or subdomains? If you're like me, you didn't read RFC 1034 and RFC 1035 before deciding on subdomain names for your test servers. The insidious thing is that all appears to work just fine for DNS resolution and web browsing. On all browsers except one: MSIE 6.0.
The symptom? Oh, just that it won't accept cookies from that domain. Everything else works fine--making you think you're going crazy. I ran through HTTP headers and Apache config files with a fine tooth comb until I finally laughingly exclaimed, "the only difference between these two servers is that one has an underscore in the subdomain!" I resignedly Googled "cookie underscore" and what came up? Fourth entry down: the PHP manual page on the setcookie function, with a comment from someone who discovered the exact same symptom and figured it out.
Is there anything the PHP manual can't resolve? Google may be the single greatest users manual ever invented, but the PHP manual makes a close second in my book. Once again the big collective brain has saved my poor single brain from blowing a fuse.