DTM has the ability to write cookies using the _satellite.setCookie function. However, there are a few problems with how they currently function, and it requires some work arounds to get it to work properly for some websites. Here are the items that need to be changed:
Cookie names can be written with a space in the name, or other invalid or undesired values. This is especially possible when a data element is set to persist for a visit or visitor. The cookie names should be encoded so this will no longer occur. There are some servers that will throw errors on any request where this occurs, so it is best to avoid this.
Cookie values are not encoded. This can cause a few different problems. First, if the cookie contains a semicolon, it'll break how the cookie is stored and the cookie will not have the correct settings. Next, some servers can throw errors if cookies contain non-encoded values, especially for any multibyte or special characters.
The cookies are ALWAYS set on the subdomain, there is no option to set them on the root domain. This prevents DTM from being able to set a root domain cookie that will span across subdomains to really harness the power of cookies.
Have an option to group cookies, similar to the Adobe Analytics cookie combining utility. This will allow DTM to still set cookies, but limit it to just 2 cookies if possible (one for session and one for persistent). The number of cookies on certain websites needs to be reduced, and DTM cookies can compound the issue.