There is a current movement to get rid of cookies all together and use HTML5 local storage. Google, among others, seems to leaning this way.
Just something else to think about and I don't know how it will apply to the original question in this thread.
>I think MS missed the boat by using the mangled URL as alternative. Having the cookie stored within normal payload data would have been better - even down to allowing new, encrypted non-diskable cookies to be updated via HTTPS:// rest without breaking too much other architecture.
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer