as explained on http://www.ietf.org/rfc/rfc2109.txt 4.3.4, multiple cookies are separated in http header with a ";". Using the same separator in value can confuse the server. This is a common cas when security is enabled and http header also contains JSESSIONID cookie.