diff --git a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
index ee25aee4ca..ec6670d83b 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServices.java
@@ -349,6 +349,10 @@ public abstract class AbstractRememberMeServices implements RememberMeServices,
 cookie.setMaxAge(maxAge);
 cookie.setPath(getCookiePath(request));
 
+if(maxAge < 1) {
+cookie.setVersion(1);
+}
+
 if (useSecureCookie == null) {
 cookie.setSecure(request.isSecure());
 } else {
diff --git a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
index 2417efc583..9188092a86 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/rememberme/AbstractRememberMeServicesTests.java
@@ -1,5 +1,6 @@
 package org.springframework.security.web.authentication.rememberme;
 
+import static org.fest.assertions.Assertions.*;
 import static org.powermock.api.mockito.PowerMockito.*;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
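Review bot: The new `if(maxAge < 1)` branch in setCookie has no comment saying why a non-positive max-age forces `cookie.setVersion(1)`; the motivation is recorded only as `// SEC-2791` in the test file, so a reader of the production code cannot tell whether this is a deletion fix or a general change of cookie format. The branch also fires for negative values, i.e. for a live session-scoped remember-me cookie and not only for the max-age-0 deletion cookie, and a version-1 cookie is serialised differently by servlet containers (RFC 2109 attributes, and in some containers a quoted value), which is presumably intended for deletion but deserves to be stated for the session-cookie case. Suggest a why-comment above the branch such as `// SEC-2791: a non-positive max-age (delete, or session-scoped) is emitted as a version-1 cookie so the container writes Max-Age instead of a computed Expires date` — confirm the exact container behaviour the issue describes before committing to that wording. `if(maxAge < 1) {` should also read `if (maxAge < 1) {` to match `if (useSecureCookie == null)` two lines below. The enclosing setCookie method starts and ends outside the hunk; the import hunk of the test file on this line is trivial and needs no note.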
@@ -352,6 +353,45 @@ public class AbstractRememberMeServicesTests {
 assertNull(ReflectionTestUtils.getField(services, "setHttpOnlyMethod"));
 }
 
+// SEC-2791
+@Test
+public void setCookieMaxAge0VersionSet() {
+MockRememberMeServices services = new MockRememberMeServices();
+MockHttpServletRequest request = new MockHttpServletRequest();
+MockHttpServletResponse response = new MockHttpServletResponse();
+
+services.setCookie(new String[] {"value"}, 0, request, response);
+
+Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+assertThat(cookie.getVersion()).isEqualTo(1);
+}
+
+// SEC-2791
+@Test
+public void setCookieMaxAgeNegativeVersionSet() {
+MockRememberMeServices services = new MockRememberMeServices();
+MockHttpServletRequest request = new MockHttpServletRequest();
+MockHttpServletResponse response = new MockHttpServletResponse();
+
+services.setCookie(new String[] {"value"}, -1, request, response);
+
+Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+assertThat(cookie.getVersion()).isEqualTo(1);
+}
+
+// SEC-2791
+@Test
+public void setCookieMaxAge1VersionSet() {
+MockRememberMeServices services = new MockRememberMeServices();
+MockHttpServletRequest request = new MockHttpServletRequest();
+MockHttpServletResponse response = new MockHttpServletResponse();
+
+services.setCookie(new String[] {"value"}, 1, request, response);
+
+Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
+assertThat(cookie.getVersion()).isEqualTo(0);
+}
+
 private Cookie[] createLoginCookie(String cookieToken) {
 MockRememberMeServices services = new MockRememberMeServices();
 Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
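Review bot: The three new tests repeat the same construction of MockRememberMeServices, MockHttpServletRequest and MockHttpServletResponse and the same cookie lookup, differing only in the max-age argument and the expected version, so a small helper would reduce each case to one assertion. Each test also dereferences `cookie` returned by `response.getCookie(...)` without first asserting it is non-null, so a cookie that was never set would fail as a NullPointerException instead of a readable assertion; `assertThat(cookie).isNotNull();` before the version check fixes that. A helper of the following shape covers both points; the enclosing test class continues outside the hunk.
```java
// SEC-2791: sets a remember-me cookie with the given max-age and returns the cookie the response recorded
private Cookie setCookieWithMaxAge(int maxAge) {
	MockRememberMeServices services = new MockRememberMeServices();
	MockHttpServletRequest request = new MockHttpServletRequest();
	MockHttpServletResponse response = new MockHttpServletResponse();
	services.setCookie(new String[] {"value"}, maxAge, request, response);
	Cookie cookie = response.getCookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY);
	assertThat(cookie).isNotNull();
	return cookie;
}

// SEC-2791
@Test
public void setCookieMaxAge0VersionSet() {
	assertThat(setCookieWithMaxAge(0).getVersion()).isEqualTo(1);
}
// … unchanged shape for setCookieMaxAgeNegativeVersionSet (-1 expects 1) and setCookieMaxAge1VersionSet (1 expects 0) …
```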