HTTP Cookie implementation suffers a number of defects that make them non-fonctional with regard to how cookies are used in most web services. All known problems have been fixed in JDK 7. These was done over 6 CRs, however these were very small incremental changes and it makes sense to backport them 'in bulk' to JDK 6 since it's the combination of all these fixes that finally make cookies functional.
Fixes are known and validated.
Backport is a reasonably simple affair.