The cookies part of the HandlerChainTestCase in shared-testsuite is still disabled with a comment leading to CXF-1507. The cxf issue is actually not an issue, basically the test is making a wrong assumption in SOAP handlers which are setting the cookies in the SOAP MimeHeaders, while JAXWS comes with specific properties (MessageContext.HTTP_REQUEST_HEADERS / MessageContext.HTTP_RESPONSE_HEADERS) for setting them.