I believe all cookies are URLencoded as of ACS3.3, but it might be worth double checking.Thanks for the pointer on this, Andrew. Your suggestion fixed the problem with logging in that I was encountering on my phone.
Since we're working off of the ACS3.2 code base, cookies are not URL encoded. To fix this, I have included a modified version of ad-security.tcl in the latest version which ns_urlencodes and decodes the ad_user_login and ad_session_id cookies. The modifications to ad-security.tcl also take into account the fact that you might have users running around with non-ns_urlencoded cookies.
Again, ad-security.tcl is not placed in the ./tcl directory by default, JIC you happen to have a modified version. Also, one thing I forgot to mention in my previous post: you must copy parameter file settings for this module from the ./doc/wap.html file into your ./parameters/servername.ini file.