GNOME Bugzilla – Bug 603496
SoupCookieJar stores empty cookies
Last modified: 2009-12-17 12:55:22 UTC
Created attachment 148832
Patch to make SoupCookieJar not to store empty cookies
Currently, SoupCookieJar is storing cookies which have no name and no value. This is making WebKitGTK+ fail one of the WebKit layout tests (http/test/misc/empty-cookie.html). This patch makes SoupCookieJar not store empty cookies.
hm... mozilla explicitly allows this: see https://bugzilla.mozilla.org/show_bug.cgi?id=169091#c16
what does safari do in that case? does it allow the first cookie assignment but not the second?
http://tools.ietf.org/html/draft-abarth-cookie-05 supports the moz/IE behavior:
    3. If the name-value-pair string contains a U+3D ("=") character:
         the (possibly empty) name string is the characters up to, but not including, the first U+3D ("=") character, and the (possibly empty) value string is the characters after the first U+3D ("=") character.
       Otherwise:
         the name string is empty, and the value string is the entire name-value-pair string.
It would be interesting to find out why WebKit has the test it currently has.
I've tested the behaviour of various browsers when receiving a nameless cookie, and it's as follows:
- Firefox & Konqueror:
  It handles the nameless cookie, however, if it has no name and "" as value, it doesn't appear in document.cookie
  document.cookie="" sets nameless cookie to "" value
- Chromium:
  Handles nameless cookie, but document.cookie="" does nothing (the previous nameless cookie is not overwritten)
- Internet Explorer:
  Handles nameless cookie, nameless cookie with "" as value is still shown in document.cookie
- arora(QtWebKit):
  Ignores nameless cookie
- Safari & Opera:
  document.cookie = "" and document.cookie = "=value" do nothing, document.cookie = "value" creates a new cookie with value as name and "" as value
This patch handles a nameless cookie if a value is specified (either by "value" or "=value"), but removes the cookie if value is "" (either by "" or "=")
Just checked in a bunch of fixes to cookie handling, which should fix this.
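The name-value split quoted from draft-abarth-cookie-05 in this thread, combined with the store/remove behaviour the thread describes for the patch, as an added example (not libsoup's code and not the attached patch). `split_pair`, `jar_decide` and the sample strings are hypothetical names and constructed inputs; whitespace trimming and cookie attributes are outside the quoted step and not handled.

```c
#include <stdio.h>
#include <string.h>

enum jar_action { JAR_STORE, JAR_REMOVE };

/* Views into the caller's string; nothing is copied. */
struct cookie_pair {
    const char *name;   /* not NUL-terminated, use name_len */
    size_t name_len;
    const char *value;  /* NUL-terminated tail of the input */
};

/* Quoted draft step: with '=', the name is everything before the first '='
 * and the value everything after it (either may be empty); without '=',
 * the name is empty and the whole string is the value. */
static void split_pair(const char *pair, struct cookie_pair *out)
{
    const char *eq = strchr(pair, '=');
    out->name = pair;
    out->name_len = eq ? (size_t)(eq - pair) : 0;
    out->value = eq ? eq + 1 : pair;
}

/* Behaviour described in the thread for the patch: a nameless cookie with a
 * value is kept; an empty name with an empty value ("" or "=") removes it. */
static enum jar_action jar_decide(const char *pair, struct cookie_pair *out)
{
    split_pair(pair, out);
    if (out->name_len == 0 && out->value[0] == '\0')
        return JAR_REMOVE;
    return JAR_STORE;
}

int main(void)
{
    /* Constructed inputs covering the cases compared across browsers. */
    const char *samples[] = { "", "=", "value", "=value", "name=", "a=b=c" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct cookie_pair p;
        enum jar_action a = jar_decide(samples[i], &p);
        printf("%-8s name=\"%.*s\" value=\"%s\" -> %s\n", samples[i],
               (int)p.name_len, p.name, p.value,
               a == JAR_STORE ? "store" : "remove");
    }
    return 0;
}
```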