$sessionId = (isset($_COOKIE[$cookie]) ? $_COOKIE[$cookie] : '');
If all cookie access was done through the cookie helper class my job would be as simple as replacing it with one which got it's cookies through the library instead of through $_COOKIE. I'd rather not override XenForo_Session:start() to make it use the cookie helper. It's a maintenance headache.
Any comment on this? If it is an oversight, can it be changed for 1.4 final?