Note that au stores cookies on the gateway, not the handset itself - only when using end-to-end SSL encryption, cookies are stored on the handset.
non-SSL: 30 cookies with name 2000b, value 4096b, path 256b, domain 256b
SSL: Set-Cookie field must be less than 1kb, with a total storage capacity of 4kb.
Cross-subdomain cookies are supported, e.g. setting the cookie's domain to ".keitai-dev.net" to have it being sent back for accesses to all keitai-dev.net subdomains.
au handsets though do not regard the domain itself without any subdomain (e.g. accesses to http://keitai-dev.net/) to be included in cross-subdomain cookies, as one would expect when coming from PC browsers.
SSL and Cookies
For au, transitioning between non-SSL and SSL pages looses all cookies. This is because the handsets then actually uses end-to-end encryption and thus the server cannot inject the cookies.
The trick here would be to inject the session ID into the URL when switching to SSL. See SessionHandling for more details.
Carrier specific details
Cookie details: http://www.au.kddi.com/ezfactory/tec/spec/cookie.html (jp) SSL issues: http://d.hatena.ne.jp/maru_cc/20080512/au_ssl_cookie