To whoever implements this: please announce it publicly as soon as the change is done, because this would mean for existing installations that are updated that all the users who have a persistent login cookie would suddenly be logged out and would have to re-login.
A quick grep suggests that besides acs-tcl/tcl/security-procs.tcl where almost all of the cookie stuff is done one would only have to change some stuff in ecommerce which sets the cookies explicitely for some reason and some occurences of the cookie names in the docs.