Are you setting the cookie on a different domain to where you want it sent back? If so, this is not allowed for security reasons. The web browser will ignore you and send no cookie header. This makes your server think you don't have a cookie and it generates a new one.

-Andrew.