multi-sub-domain cookies and ajax problems

Developer https://www.devze.com 2023-01-26 06:57 Source: Internet

I need an HttpOnly authentication cookie to work on:

mydomain.com
www.mydomain.com
abc.mydomain.com

so that I can be logged into all three places via a single login.

This is working fine, by setting my cookie domain to:

.mydomain.com

here is the response header that sets the cookie:

MYAUTHCOOKIE=FOO; domain=.mydomain.com; path=/; HttpOnly

This all works fine for normal browser requests.

However, I need to make an AJAX request from mydomain.com and www.mydomain.com to abc.mydomain.com.

When I make the request, it isn't passing the authentication cookie. Why is this, and what can I do about it?

If I make a request to the same host as the page the JS resides on, it does send the cookie :s

Here's my request code:

$.ajax({
    type: "POST"
    , data: { data: { foo: bar} }
    , dataType: "json"
    , url: "http://abc.mydomain.com/foo"
    , timeout: 5000
    , success: function (data, textStatus) {
        alert('woo!');
    }
    , error: function (xhr, textStatus, error) {
        alert('meh');
    }
});

Is this some cross domain policy? Why doesn't the cookie domain make this work?

Thanks


According to the same origin policy, subdomains are indeed "hostile" to your top domain, but it can be fixed by setting document.domain (same article).

0
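
An added example, not part of the original question or answer: for a cross-origin XHR the browser attaches MYAUTHCOOKIE only when the request is made with credentials and abc.mydomain.com answers with a CORS grant naming the exact calling origin. The sketch below shows the server-side header decision; the function names are hypothetical, and the http scheme is assumed from the URL in the question.

```javascript
// Added example: CORS headers abc.mydomain.com could return so that a
// credentialed XHR from its sibling hosts is allowed to carry MYAUTHCOOKIE.
// Host names come from the question; function names are hypothetical.

// Exact-match allow-list. Suffix or substring matching on "mydomain.com"
// would also accept look-alike hosts such as "evilmydomain.com".
const ALLOWED_ORIGINS = new Set([
  "http://mydomain.com",
  "http://www.mydomain.com",
]);

function corsHeadersFor(originHeader) {
  // Vary on Origin so a shared cache never replays one origin's grant
  // to a different origin.
  const headers = { "Vary": "Origin" };
  if (typeof originHeader !== "string" || !ALLOWED_ORIGINS.has(originHeader)) {
    return headers; // no grant: the browser withholds the response from script
  }
  // Browsers reject "*" on credentialed requests, so the exact requesting
  // origin is echoed back, and only after the allow-list check.
  headers["Access-Control-Allow-Origin"] = originHeader;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Answer to a preflight (OPTIONS), needed once the request stops being a
// "simple" one, for example when it is sent with a JSON Content-Type.
function preflightHeadersFor(originHeader, requestedMethod) {
  const headers = corsHeadersFor(originHeader);
  if (headers["Access-Control-Allow-Origin"] && requestedMethod === "POST") {
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return headers;
}

// Client-side counterpart (jQuery option, runs in the browser only):
//   $.ajax({ type: "POST", url: "http://abc.mydomain.com/foo",
//            xhrFields: { withCredentials: true } /* , ... */ });

// Constructed sample Origin header values.
const samples = ["http://www.mydomain.com", "http://evilmydomain.com", "null"];
for (const origin of samples) {
  console.log(origin, "->", JSON.stringify(corsHeadersFor(origin)));
}
```

Because the endpoint then accepts the authentication cookie on cross-origin POSTs, the same allow-list check on the Origin header is worth applying before any state-changing request is processed.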
