The current Cookie/SimpleCookie mechanism blends usage and creational concerns, i.e. the cookie both holds state and is a factory, acting as a template to create new cookie instances. These concerns should be separated.
In addition, it would be nice to have an encrypted cookie mechanism. Attached there is a patch for an initial implementation of an encrypted cookie based on 1.2.0 code. It's been added to capture the intent behind the cookie and to quickly patch the code base with this functionality before refactoring in a future version.