By default, a cookie's Domain becomes the hostname of the URI used to make the HTTP request in the first place. If you connect to a web server by IP address, and this web server sets a cookie without a Domain attribute, the cookie will be implicitly set with the Domain equal to the IP address of the web server.

You cannot specify an IP address in the Domain portion of the cookie. In the first place, it's useless in the case where the IP address matches the IP address in the URI. Secondly, IP addresses do not easily follow organizational boundaries in the way DNS domains do. An IP address with a number one less or one greater than the IP address of the web server may not necessarily reside in the same organization. For security reasons, then, any form of wild-carding of IP addresses in the Domain attribute of a cookie is not permitted. This effectively removes the usefulness of the Domain attribute for any form of IP address, aside from the implicit use mentioned above.