Cookies with domain attribute duplicated with and without leading . in domain
Reported by mike.hen...@curvedental.com, May 20 2016
Issue description

Steps to reproduce the problem:
1. Send a Set-Cookie header in a response to the browser with no domain attribute
2. Send another Set-Cookie header to the browser with the same name and an updated value
3. Check cookies in the next request header. The header contains two copies of the cookie. Looking in Chrome DevTools' Resources tab, one cookie has a leading . and the other does not.

What is the expected behavior?
Only one copy of the cookie is stored by the browser and returned via the Cookie header in subsequent requests.

What went wrong?
This is not reproducible on demand but generally happens within a few minutes of requests updating cookies on the device, such as when the cookie is encrypted and has a sliding window expiration time within it. The problem reproduces on two different Android devices, both running Chrome 50.0.2661.89: a Samsung Galaxy Tab S2 and an Asus Zenphone. The problem has not been seen in Chrome on the desktop. Attached is a screenshot from Chrome DevTools showing the duplicated cookie. A Wireshark trace was captured on the server at the same time, proving that the server never includes a domain attribute in the Set-Cookie header, so the problem is not inconsistent behavior by the server.

Did this work before? N/A

Chrome version: 50.0.2661.89
Channel: stable
OS Version: 5.0.2
Flash Version:
Apr 7 2017
Oct 4
(Unassigning myself, marking untriaged in preparation to retriage with folks who will do a better job taking care of cookies than I've been able to)
Comment 1 by lgar...@chromium.org, May 20 2016
Components: Internals>Network>Cookies
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Owner: jww@chromium.org
Status: Assigned (was: Unconfirmed)
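
A server-side check for the symptom reported in this issue, as an added example that is not part of the original report or of Chromium's code: it flags cookie names that occur more than once in a single Cookie request header. The function names and the sample header are constructed for illustration.

```javascript
'use strict';

// Split a Cookie request header into [name, value] pairs, preserving order.
// Only the first '=' separates name from value, so values such as base64
// with '=' padding are kept whole.
function parseCookiePairs(header) {
  const pairs = [];
  for (const part of String(header || '').split(';')) {
    const item = part.trim();
    if (item === '') continue;
    const eq = item.indexOf('=');
    const name = eq === -1 ? '' : item.slice(0, eq).trim();
    const value = eq === -1 ? item : item.slice(eq + 1).trim();
    pairs.push([name, value]);
  }
  return pairs;
}

// Return a Map of name -> [values...] for every name seen more than once.
// The Cookie header carries no Domain or Path attributes, so the server
// cannot tell from the request alone which copy is the host-only cookie.
function findDuplicateCookies(header) {
  const seen = new Map();
  for (const [name, value] of parseCookiePairs(header)) {
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  const duplicates = new Map();
  for (const [name, values] of seen) {
    if (values.length > 1) duplicates.set(name, values);
  }
  return duplicates;
}

// Constructed sample: the same cookie name sent twice with different values.
const sampleHeader = 'session=oldvalue==; theme=dark; session=newvalue==';
for (const [name, values] of findDuplicateCookies(sampleHeader)) {
  console.log(`duplicate cookie "${name}": ${values.length} copies`);
}
```

Logging the duplicate names (not the values) per user agent gives a way to measure how often clients return both copies.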