Cookies header removed after a few requests

Question

The backend server is JBOSS, and the frontend is angular 5 with withCredentials = true. Two cookie fields are LSV and JSESSIONID. A token is used to login. In this request, both request header and response header

Cookie: LSV=0; JSESSIONID=BPqD8YMn7q5IIgD5JomHPdnZVXxbC924UedeDqaB.xxx-sit-test02-p0

Response header

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept, authorization, content-type, x-requested-with, token, appid, user
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: http://localhost
Access-Control-Max-Age: 1
Connection: keep-alive
Content-Length: 91
Content-Type: application/json
Cookie: LSV=0; JSESSIONID=BPqD8YMn7q5IIgD5JomHPdnZVXxbC924UedeDqaB.xxx-sit-test02-p0
Date: Wed, 16 May 2018 12:10:26 GMT
Server: JBoss-EAP/7
TSGNode: xxx-sit-test02-p0
X-Powered-By: Undertow/1

Request header

Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Cookie: LSV=0; JSESSIONID=BPqD8YMn7q5IIgD5JomHPdnZVXxbC924UedeDqaB.xxx-sit-test02-p0
Host: http://localhost
Referer: http://localhost:4200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

But the next request is sent without LSV.

Cookie: JSESSIONID=BPqD8YMn7q5IIgD5JomHPdnZVXxbC924UedeDqaB.xxx-sit-test02-p0

I think these cookies are controlled by browsers. I wonder why one cookie is missing. Any possible reasons?

Answer 1

set-cookie of response header has to add path=/ when request LSV. After it, all the requests are sent with correct cookies in request header.