Cookie on an intranet domain

Published 2019-04-24 13:20

Question:

I have a dev server in our office that is behind the firewall. The hostname is franklin. We name all our servers after scientists or inventors.

When I set an HTTP cookie:

 Set-Cookie: user=kenny; expires=1245424860.11; Path=/; domain=franklin

The cookie doesn't set. I have tried the following with no luck.

.franklin
.franklin.local
franklin.local
.franklin.localdomain
franklin.localdomain

Do I have to set the hostname to something different or can I set this cookie through some magic I don't know already?

Answer 1:

RFC 2109 says:

To prevent possible security or privacy violations, a user agent rejects a cookie (shall not store its information) if any of the following is true:

  • The value for the Domain attribute contains no embedded dots or does not start with a dot.
  • The value for the request-host does not domain-match the Domain attribute.

And also:

Domain Defaults to the request-host.

If your host is franklin:

  • Cookies with domain=.franklin will be rejected, because it has no embedded dot.
  • Cookies with domain=.franklin.local will be rejected, because it does not match the actual host name of your server.

The solution is to rename your hostname to franklin.local or franklin.<tld> and set the domain attribute of the cookie accordingly (domain=.franklin.<tld>). Alternatively (as you found out), do not specify the domain, and let the user agent fall back to the request host.
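
The two RFC 2109 rejection rules quoted in this answer, plus the request-host default, as a small checker run over the values tried in the question. This is an added example, not code from the original post; `evaluate`, `domain_match`, `Verdict` and the case list are my own names. It assumes, as browsers and the later RFC 6265 do, that a host equal to the Domain value minus its leading dot also domain-matches, which strict RFC 2109 wording does not say.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Verdict:
    accepted: bool
    effective_domain: str
    reason: str

def domain_match(request_host: str, domain: str) -> bool:
    """RFC 2109 domain-match: equal strings, or host == N + domain with the
    domain starting with a dot (x.y.com matches .y.com, y.com does not).
    Assumption beyond RFC 2109: a host equal to the value without its leading
    dot also matches (franklin.local matches .franklin.local), as RFC 6265 does."""
    host, domain = request_host.lower(), domain.lower()
    if host == domain or host == domain.lstrip("."):
        return True
    return domain.startswith(".") and host.endswith(domain)

def evaluate(request_host: str, domain_attr: Optional[str]) -> Verdict:
    """Apply the RFC 2109 section 4.3.2 rules quoted above to one Set-Cookie."""
    if domain_attr is None:
        # Domain defaults to the request-host (a host-only cookie).
        return Verdict(True, request_host.lower(), "no Domain attribute; defaults to request-host")
    d = domain_attr.lower()
    if not d.startswith("."):
        return Verdict(False, d, "Domain value does not start with a dot")
    if "." not in d[1:]:
        # The leading dot is not an embedded dot: '.franklin' has none.
        return Verdict(False, d, "Domain value contains no embedded dot")
    if not domain_match(request_host, d):
        return Verdict(False, d, f"request-host {request_host!r} does not domain-match {d!r}")
    return Verdict(True, d, "accepted")

# Constructed cases: the values from the question against the original
# hostname, then the renamed hostname this answer proposes.
CASES = [
    ("franklin", "franklin"), ("franklin", ".franklin"),
    ("franklin", ".franklin.local"), ("franklin", "franklin.local"),
    ("franklin", None), ("franklin.local", ".franklin.local"),
    ("www.franklin.local", ".franklin.local"), ("franklin.local", None),
]

def run_cases(cases=CASES):
    return [(host, dom, evaluate(host, dom)) for host, dom in cases]

if __name__ == "__main__":
    for host, dom, v in run_cases():
        status = "ACCEPT" if v.accepted else "REJECT"
        print(f"{status:6} host={host:18} domain={str(dom)!s:16} -> {v.reason}")
```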



Answer 2:

Are you setting the cookie from the right domain? You should access the website over http://franklin/, otherwise it wouldn't work (see: same origin policy).



Tags: http cookies