In validation I forgot to add:
2.3.5 Validate if cookie is not expired.
I suggest you add this to the JIRA issue as a comment.
Ehm... I've missed 735's component name which is "remoting", falsely connecting it with the new "security" functionality. Although I recommend this scheme for storing "remember me" cookies, Seam developers should judge if it is appriopriate here. Sorry for messing :)
BTW what about "remember me" capabilities in the new Seam's security framework?
That's a mistake I think, it is to do with the security.
Comment to JBSEAM-735 added (although it has status "closed").