Good news, worth sneaking under the publication wire prior to my vacation:  Sun Java Runtime Engine (JRE) 1.6.0_20 Build 5 (6u20-b05) fixes the mismanaged cookie session issue which could affect JRE 1.6.0_18 (6u18) to 1.6.0_20 (6u20-b02) users. This JRE release is only available through Patch 9553040. The Sun download version remains at 1.6.0_20 build 2 (6u20-b02), therefore you cannot uptake this fix through the Java automatic update facility. It is expected that this fix will be available through the usual delivery mechanism from Sun once JRE 1.6.0_21 (6u21) is released.  Until then, you can download it here:  
patch-9553040.png
 Patch 9553040 contains both a JRE (jrefb-6u20-rev-b05-windows-i586.exe) and a JDK (jdkfb-6u20-rev-b05-windows-i586.exe) executable. You only need to extract and install the JRE version from this patch to fix this issue. Patch Installation Instructions
  1. Download patch 9553040
  2. Extract the jrefb-6u20-rev-b05-windows-i586.exe
  3. Run the executable to install on the desktop
If you wish to distribute this release as a download through Oracle E-Business Suite and users do not already have an earlier release of JRE 6u20 installed on their desktop, follow the installation instructions in the appropriate note: If your users already have jre6u20 installed on their desktop, please uninstall the earlier release or over write it by installing this later version over it. Related Articles The preceding is intended to outline our general product direction.  It is intended for information purposes only, and may not be incorporated into any contract.   It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision.  The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.