It should have access to the cookie, but it may not be able to update the cookie, since SSI means Apache is taking care of outputting the headers for that page. Or at least that was my recent experience with SSI and cookies.