I have a script that interacts with a 3rd party web site. It's been in use for over a decade without issue, until about a week ago. My script hasn't changed, I suspect the 3rd party web site did, although the strange behavior seems to emanate from HttpWebRequest.
The web site sets a JSESSIONID cookie, with the following properties:
Name: JSESSIONID
Value: [snip]
Domain: n.server.com
Path: /Am
Secure: True
Http only: True
Expires: 0001-01-01 00:00:00
Expired: False
The cookie is correctly sent for several requests, including:
POST https://n.server.com/Am/Fq/Pi
PUT https://n.server.com/Am/Fq/P/D
But on the second call to
PUT https://n.server.com/Am/Fq/P/D
(same URL, different post payload), JSESSIONID is no longer sent. The cookie hasn't changed, the URL hasn't changed.
If, right before the second call, I re-create the cookie and change its path to "/" instead of "/Am", then it is correctly sent again.
This appears different than what the answers to a similar question suggest; it is not a matter of changes in the server name (www vs no www) or protocol (http vs https).
Why isn't the cookie reliably sent with its original "/Am" path?