I've tried to get the cookie1 standard amended, but the best most teams come up with is the old netscape docs on cookie1 - cookie2 never took off.
Any help adding this easy but rather significant fix to JBoss would be greatly appreciated. I am also leading the charge getting HttpOnly added to Tomcat http://manicode.blogspot.com/2008/03/httponly-support-for-apache-tomcat.html
I know about HttpCookie from my work here. Thanks anyway for the description. :)
This would be a change to Tomcat/JBossWeb codebase. Right? Nothing that JBoss needs to do here.