The problem was that upon successful log in to my web site, I was:
1. setting a cookie to identify the user
2. invoke sendRedirect()
However, sendRedirect() was clearing cookies. I've changed it so that it
doesn't and updated it's docs.
I also added methods clearCookies() and clearHeaders() to HTTPResponse.