Opened 9 years ago
Last modified 9 years ago
#28119 new New feature
Test client cookies do not take into account server hostnames/domains — at Version 1
| Reported by: | Ali Kaafarani | Owned by: | nobody |
|---|---|---|---|
| Component: | Testing framework | Version: | 1.11 |
| Severity: | Normal | Keywords: | test, client, cookie, domain |
| Cc: | | Triage Stage: | Someday/Maybe |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
A couple of issues arise in the testing framework when a Django project supports multiple hostnames.
- Cookies received don't set the domain field
- Cookies with a domain field are still included in requests to a different domain than the one in the cookie
Example of domain not being set:
```python
from django.test import Client

client = Client()
# 1. Make a request with explicit SERVER_NAME
response = client.get('/', SERVER_NAME='foo.local')
# 2. Note that response.cookies['csrftoken']['domain'] has no value
```
Expected result: response.cookies['csrftoken']['domain'] was set to the value of SERVER_NAME (default would be testserver).
Rationale: Browsers do this, according to the specification: https://tools.ietf.org/html/rfc2965 (4.3.1 Interpreting Set-Cookie: Domain Defaults to the request-host)
---
Example of cookies sent incorrectly to another domain:
```python
from django.test import Client

client = Client()
# 1. Make request with explicit SERVER_NAME, receive `csrftoken` cookie
response = client.get('/', SERVER_NAME='foo.local')
# 2. Note that client.cookies['csrftoken'] now has some value (eg. "123456")
# 3. Set the domain on the cookie
client.cookies['csrftoken']['domain'] = 'bar.local'
# 4. Make request to different domain
response = client.get('/', SERVER_NAME='bar.local')
# 5. Note that client.cookies['csrftoken'] was sent with the request, re-used by the server, and still has the same value (eg. "123456")
```
Expected result: On step 4, the client does not include the cookie with non-matching domain name.
Rationale: Using SERVER_NAME, the client should simulate browser behaviour by not sending cookies incorrectly to different hostnames.
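The browser behaviour the ticket asks the test client to imitate, as an added reference example that is not part of the ticket or of Django's test client: a small cookie jar that defaults a cookie's domain to the request host when Set-Cookie carries no Domain attribute, rejects a Domain that does not cover the responding host, and only attaches cookies whose domain matches the host of the outgoing request (exact match for host-only cookies, RFC 6265 domain-match for cookies with an explicit Domain). The host names, cookie names and Set-Cookie header values are constructed for the demonstration; `ScopedCookieJar` and its methods are hypothetical names, not Django API.

```python
"""Browser-style cookie scoping (added example, not Django code)."""
from dataclasses import dataclass
from http.cookies import SimpleCookie


@dataclass
class StoredCookie:
    name: str
    value: str
    domain: str      # always populated: explicit Domain attr or the request host
    host_only: bool  # True when Set-Cookie carried no Domain attribute
    path: str


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3: the request host equals the cookie domain or is a
    subdomain of it (label boundary enforced, so evilfoo.local != foo.local)."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path matching."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class ScopedCookieJar:
    """Hypothetical jar that scopes cookies by host like a browser would."""

    def __init__(self):
        self._store = {}  # (domain, path, name) -> StoredCookie

    def store(self, request_host: str, set_cookie_header: str) -> None:
        """Apply one Set-Cookie header received from a response of request_host."""
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            explicit = morsel["domain"].lstrip(".").lower()
            if explicit and not domain_matches(request_host, explicit):
                # RFC 6265 section 5.3 step 6: a host may not set a cookie for a
                # domain that does not cover it; such a cookie is ignored.
                continue
            cookie = StoredCookie(
                name=name,
                value=morsel.value,
                domain=explicit or request_host.lower(),  # default: request host
                host_only=not explicit,
                path=morsel["path"] or "/",
            )
            self._store[(cookie.domain, cookie.path, name)] = cookie

    def stored(self) -> dict:
        """name -> (effective domain, host_only) for every cookie held."""
        return {c.name: (c.domain, c.host_only) for c in self._store.values()}

    def cookie_header(self, request_host: str, request_path: str = "/"):
        """Cookie header value for an outgoing request, or None if nothing applies."""
        host = request_host.lower()
        pairs = []
        for c in self._store.values():
            if c.host_only and host != c.domain:
                continue  # host-only cookies never leave their own host
            if not c.host_only and not domain_matches(host, c.domain):
                continue
            if not path_matches(request_path, c.path):
                continue
            pairs.append(f"{c.name}={c.value}")
        return "; ".join(pairs) if pairs else None


def demo() -> dict:
    """Replay the ticket's scenario against the scoped jar."""
    jar = ScopedCookieJar()
    # Constructed headers standing in for what responses from foo.local would carry.
    jar.store("foo.local", "csrftoken=123456; Path=/")                 # no Domain: host-only
    jar.store("foo.local", "sessionid=abc; Domain=.foo.local; Path=/")  # covers subdomains
    jar.store("foo.local", "evil=1; Domain=bar.local")                  # rejected at store time
    return {
        "stored": jar.stored(),
        "foo.local": jar.cookie_header("foo.local"),
        "www.foo.local": jar.cookie_header("www.foo.local"),
        "bar.local": jar.cookie_header("bar.local"),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

With this scoping, the second scenario in the description cannot occur: `csrftoken` was set by foo.local without a Domain attribute, so it is stored as host-only for foo.local and is not sent to bar.local (nor to www.foo.local), whereas `sessionid` with `Domain=.foo.local` reaches every host under foo.local and nothing else.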
Change History (1)
comment:1 by , 9 years ago
| Description: | modified (diff) |
|---|---|
| Type: | Uncategorized → New feature |