I find it strange that the work to modify frameworks is being used as a counter argument. Isn't that the whole point of using frameworks, so that a change of this type would be "free" to the users of the framework? How valuable is the framework you are using if it can't make such a transition? Surely, it is harder to change all the custom cookie implementations out there than to change the frameworks which use cookie authentication? I would think that the ability to hide this change in a few common frameworks would be a strong argument FOR this change!