Authentication is faulty on domain based farm when cookiedomains is set to the exact domain of the main wiki

The usecase is a domain based farm with global users, where users want to be automatically authenticated on the whole farm when they authenticate on one of the wikis of the farm.
Setup a domain based multiwiki, where the main wiki is accessible at, say, localhost.localdomain. In xwiki.cfg, set xwiki.authentication.cookiedomains=localhost.localdomain . Subwikis addresses are subdmains of localhost.localdomain.
First issue:

1. login with a global user on the main wiki
2. go on a subwiki, you won't be authenticated. This issue is different from XWIKI-9622 in that no matter how many times you refresh, you'll never get authenticated on the subwiki.

However, if one first logs in on a subwiki and then navigates to the main wiki, they are properly authenticated on the main wiki/other subwikis.

Second issue:

1. login with a global user on a subwiki
2. go on the main wiki, you'll be authenticated
3. click the logout button. Page will be reloaded without the user being logged out (logout button doesn't do anything)
4. go on the subwiki where you authenticated or on another subwiki, click logout, it will work.