Yes, this is expected behaviour. The documentation hints at this but does not make it explicitly clear.
Setting sessionCookiePath="/"
is treated as a special case to support
portlet implementations. Once one web application obtains a session all
subsequent sessions for any web application also configured with
sessionCookiePath="/"
will always get the same session ID. This holds
even if the session is invalidated and a new one created.
If a set of web application operates in this mode, changing the session ID is a lot harder. You'd have to write a custom Tomcat component to do it for you and even then I'm not sure that you can guarantee a smooth change over.