The CookieFilter heap object now stores a java.net.CookieManager reference in the exchange.session. That make sense since the cookies are related to HTTP session.
This is working fine when the Session is backed by an HttpSession object.
But that fails when used with a JwtSession:
The reason is that the JwtSession ensure that stored references are JSON compatible (primitive types, list/arrays and map are the only accepted types).