Set cookie domain for cancel remember-me

Fixes gh-3871

web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java

@@ -364,7 +364,9 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 		Cookie cookie = new Cookie(cookieName, null);
 		cookie.setMaxAge(0);
 		cookie.setPath(getCookiePath(request));
-
+		if (cookieDomain != null) {
+			cookie.setDomain(cookieDomain);
+		}
 		response.addCookie(cookie);
 	}
 

web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java

@@ -253,6 +253,8 @@ public class AbstractRememberMeServicesTests {
 	@Test
 	public void logoutShouldCancelCookie() throws Exception {
 		MockRememberMeServices services = new MockRememberMeServices(uds);
+		services.setCookieDomain("spring.io");
+
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		request.setContextPath("contextpath");
 		request.setCookies(createLoginCookie("cookie:1:2"));
@@ -265,6 +267,10 @@ public class AbstractRememberMeServicesTests {
 		services.logout(request, response, null);
 
 		assertCookieCancelled(response);
+
+		Cookie returnedCookie = response.getCookie(
+				AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+		assertThat(returnedCookie.getDomain()).isEqualTo("spring.io");
 	}
 
 	@Test(expected = CookieTheftException.class)