Can you paste the relevant code where you are setting these cookies? Also, please post the list of libraries including in the .ear (and .war).
Thanks. Problem now resolved -- a comedy of errors.
To handle issues with other cookies as part of the security review, and at about the same time as the libraries were upgraded, a colleague added (incorrect) cookie management directives to the web.xml of each .war in the EAR. Apparently these overrode the Wildfly configuration settings for the session cookie. This is a little strange, since the session cookie should be entirely the responsibility of the servlet container.