Avoiding Duplicate Cookies
The application sets a cookie with a different value multiple times within the same response. This is not a direct threat to the security of the application; however, might indicate a programming error, and can have unintended consequences. The application sets the following cookie to multiple values within the same response: JSESSIONID.
Browsers will only accept one of these values, typically the value in the last header. Servers should not include more than one Set-Cookie header field in the same response with the same cookie-name. The application should be configured to not return multiple “Set-Cookie” HTTP headers in the same response with the same name.
To resolve this issue, open the context.xml file from the <Install directory>/profiles/IS_default/configuration/tomcat/conf folder. Edit the <Context? tag as follows: <Context sessionCookiePath="/">