Here is the complete details:
Application A
uses localhost:8080/dtts/dtts/a
Application B
uses localhost:8080/dtts/dtts/b
For every URL/Path
a cookie with name JSESSIONID
is set. For both applications we have:
URL: localhost
Path: dtts (and the rest is ignored)
That's why the second cookie replaces the first one. Problem solved.