What the code does is to handle the very, very common case that
www.example.org and example.org is the same site. Without the code the following could happen:
1) Log in at
www.example.org/pivotx.
2) Move around and end up at example.org
3) Going to example.org/pivotx you would be asked to log in again since the login (the session cookie to be precise) in step 1 is only valid for the www subdomain.
In other words (after the bug fix), only subdomains named "www" (like
www.example.org) gets this special treatment.
PS! A cookie is valid on the domain it is set and all subdomains of that domain.