I believe SSI calls are executed by the server before the page is sent to the client. If that's the case, with the cookie potentially embedded in the HTML instead of being sent with the header, I'm not surprised.

Looking at the Everything source code, a cookie is set before the Content-type header is sent. Content-type: text/html always precedes the actual HTML, so anything included in there probably won't be interpreted by the browser.

If you're still interested in setting cookies and using SSI, I would suggest writing a very small wrapper script that sets the cookie then redirects to the actual page with the SSI.