The Quick Start Guide for AM 6.5 still suggests adjusting the cookie domain from .openam.example.com to .example.com here: https://backstage.forgerock.com/docs/am/6.5/quick-start-guide/#adjust-the-cookie-domain.
Current users are likely to run the latest Tomcat versions, on which this change will break AM.
Tomcat enforces stricter checking for valid cookie domain values per RFC 1034 and RFC 6265. In Tomcat 8.0.x, a leading dot was required for cookie domains, whereas this is no longer permitted in 8.5 and later.
Furthermore, long cookie domains can be kept, as the latest web agents use OAuth2 and will be able to set the cookie on their own domain out of the box (no need to set up CDSSO anymore).
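
A pre-deployment check for cookie domain values, as an added example that is neither ForgeRock's nor Tomcat's code. It assumes the stricter check amounts to rejecting a leading or trailing dot and requiring RFC 1034-style labels (digits allowed as first character); the function names are hypothetical.

```python
import re

# One DNS label: starts and ends with a letter or digit, hyphens only in the
# middle, at most 63 characters. Allowing a leading digit is an assumption.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_cookie_domain(value):
    """Return a list of problems; an empty list means the value passes."""
    if not value:
        return ["empty value"]
    problems = []
    if value.startswith("."):
        problems.append("leading dot")
    if value.endswith("."):
        problems.append("trailing dot")
    for label in value.strip(".").split("."):
        if not _LABEL.fullmatch(label):
            problems.append(f"invalid label {label!r}")
    return problems


def suggest(value):
    """Drop one leading dot and return the result if it then passes.

    RFC 6265 user agents ignore a single leading dot in the Domain
    attribute, so the cookie's scope in the browser does not change.
    """
    candidate = value[1:] if value.startswith(".") else value
    return candidate if not check_cookie_domain(candidate) else None


if __name__ == "__main__":
    # The first two values come from the page; the others are constructed.
    samples = [".openam.example.com", ".example.com",
               "openam.example.com", "bad-.example.com"]
    for s in samples:
        issues = check_cookie_domain(s)
        status = "ok" if not issues else "rejected: " + ", ".join(issues)
        print(f"{s:22} {status:32} suggestion: {suggest(s)}")
```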