Some operators (I'm looking at you Meteor) send duplicate cookies, one valid cookie with data and a second cookie with the same name which has no data and is expired.
With the current implementations of the java.net.URLConnection it seems that it processes Set-Cookie header in such a manner that the expired cookies are overriding the valid cookies and therefore our session is getting destroyed.
Some operators (I'm looking at you Meteor) send duplicate cookies, one valid cookie with data and a second cookie with the same name which has no data and is expired.
With the current implementations of the java.net.URLConnection it seems that it processes Set-Cookie header in such a manner that the expired cookies are overriding the valid cookies and therefore our session is getting destroyed.