and i forgot to give you system specs:
Server Product ColdFusion 2016 Version 2016.0.03.301771 Java Version
as soon as i posted this i found out how to fix my "dot" problem
encodeValue="false" in the cfcookie.
but my problem is still here! the sub domain sets its own JSESSIONID cookie, and ignores the perfectly valid one already set
ok i think i may have it worked out
this is still a bug and should not be happening
but the workaround is this
setclientcookies = no
then add this
<cffunction name="onSessionStart" returnType="void" output="false">
<cfcookie name="JSESSIONID" value="#session.sessionid#" domain=".yourdomain.com" httponly = "yes" encodeValue="false">
then do your regular onrequeststart stuff
maybe this will save some suicides out there.