tor docs say that the default CookieAuthFile should be inside DataDirectory, but at least when a tor is started with "DataDirectory /tmp/whatever" on the command-line, tor still seems to be use TMPDIR to derive a CookieAuthFile location...
This was a mistake on my part: if you don't supply ANY "-f" option, then Tor loads the default torrc file and only applies command-line args on top of that.
tor docs say that the default CookieAuthFile should be inside DataDirectory, but at least when a tor is started with "DataDirectory /tmp/whatever" on the command-line, tor still seems to be use TMPDIR to derive a CookieAuthFile location...