Yes, Chris, this is definitely a workaround for limitations in cookie scoping. Yes, it's not a total solution because people can still change the context path to empty and hit this problem. But I think that this workaround is a better way forward than changing the cookie name.
If we were to change the cookie name for Confluence, it would definitely break stuff. It was immediately obvious that stuff broke when we tested it. This includes several Atlassian plugins, undoubtedly a number of third-party plugins, custom authenticators, and proxies or load-balancers that are Java-session-aware.
Also, from the servlet 2.4 spec, §SRV.7.1.1 (emphasis mine):
The container sends a cookie to the client. The client will then return the cookie on each subsequent request to the server, unambiguously associating the request with a session. The name of the session tracking cookie must be JSESSIONID.
The Tomcat documentation advises against changing the cookie name too. I think we shouldn't do it, and the JIRA devs I've spoken to seems to agree with me on that.