1. Real Staging servers use the same (or closest possible) setup as Live.

2. Computers are automatons - if their behaviour changes it's because they were told to change. If the software doesn't differentiate between environments or yesterday then something else changed - so the poor server setup is not the only difference, and your first step is to identify which other differences exist.

> If I put a copy into a subdirectory on the live site, it works, cookies and all.

Check your version control history for what changes were made - sounds possible that somebody may have set/changed the path attribute of the cookies. Then again, you would have spotted that when you compared the actual cookies for the different environments to check for differences, so maybe it's something else.

document.cookie.match(/^foliosec=[a-z]+/) + '';

document.cookie.match(/foliosec=[a-z]+/) + '';

If JS had a decent regex engine, you'd just use a lookbehind instead (?<=^|;) but it doesn't so that wont work.

Next best solution is probably splitting and looping:

FoliosecCookie = getCookie('foliosec');

function getCookie( Name )
{
	for ( CurCookie in document.cookie.split(';') )
	{
	    var KeyValue = CurCookie.split('=',2);
	    if ( KeyValue[0] == Name )
	       return KeyValue[1];
	}
	return '';
}

You may need to use decodeURIComponent on the return value.

And for anyone wondering why the browsers don't just provide a built-in getCookie method that accepts a name and returns the value, the answer is because browser developers are fucking stupid.

/; foliosec=[a-z]+;/

And it really isn't voodoo; it's a very easy language to learn.