Unfortunately there is a problem with the http request cookie header delimiter in Axis/JAX/Java frameworks that causes failure in authorisation. Axis et al use comma (,) as delimiter whereas the standard defines the need of semicolon (;) (RFC6265).
This used to be a non-issue until recently when we introduced a second cookie header.
We released a grace fix for http requests with non standard cookie header on Wednesday August 5th.
In the long run our patching around standards isn't a viable solution and we highly recommend you fix it by patching your framework to use semicolon as delimiter.
We have taken steps to ensure that we check for this but cannot guarantee it will never break again for a clients sending non-standard cookie headers.
We have taken steps to ensure that we check for this but cannot guarantee it will never break again for a clients sending non-standard cookie headers.