Ahhh... Third party cookies. As a regular awesome they're evil because anyone can track you - as a developer of a system - they're awesome!
So the bad news, you can issue a cookie yourself - but it more than likely won't be accepted thought by the end user though since you're in an iframe and most browsers today don't accept third party cookies by default - so you'll need to take that behavior as something that will happen to you (because even 5% of users not having the proper behavior is bad).
So... back to the issue at hand. AP.cookie is awesome, but like you said - it issues the cookie on the
atlassian.net domain(we won't go into the number of cookies on atlassian's domains nowadays) so it really only works for javascript driven apps. Because of third party restrictions though, there really aren't any alternatives.
If you can have a barebones page loading that then can grab the session id from AP.cookies and then do an ajax query to redis and pass the value on the query string, you should be able to get around it. In the same way - you can have an ajax call on the page that calls the redis store and extracts the cookie header and then calls the AP.cookies through it.
It's not what you want to hear, but it's a limitation of browsers, iframes and cookies and something we have to live with... :( (Or you canjust ignore it and tell users that have the problem to change their settings, which more than likely most users won't though :( ).
/Daniel