[eluser]WanWizard[/eluser]
'localhost' is an invalid hostname, as per RFC 2965.
More and more browsers will reject it as a valid hostname for cookies. In short, browsers should reject cookies when any of the following rules are true:
* The value for the Path attribute is not a prefix of the request-URI.
* The value for the Domain attribute contains no embedded dots, and the value is not .local.
* The effective host name that derives from the request-host does not domain-match the Domain attribute.
* The request-host is a HDN (not IP address) and has the form HD, where D is the value of the Domain attribute, and H is a string that contains one or more dots.
* The Port attribute has a “port-list”, and the request-port was not in the list.
And as you can see, 'localhost' falls under point 2.