My problem was it was writting secure, when I wasn't on a secure connection. Then my server side code couldn't delete the cookie, because it would only pull unsecure cookies.
I ended up doing a quick check to see if connection was secure and if so then add the secure; else I skip it.
This works for now, but I think there is a bug here.
var expDate = new Date();
expDate.setDate(expDate.getDate() + 365);
var exireDate = "expires=" + expDate.toGMTString() + ";"
var framesize = "mainFrameSize=" + escape(document.getElementById("mainFrame").cols) + ";";
var secureit = "secure;";
var allValues = framesize + exireDate;
allValues += secureit;
document.cookie = allValues;
return window.location.protocol == 'https:';