I found the problem in Tomcat's documentation:
"Note: Once one web application using sessionCookiePath="/" obtains a session, all subsequent sessions for any other web application in the same host also configured with sessionCookiePath="/" will always use the same session ID. This holds even if the session is invalidated and a new one created. This makes session fixation protection more difficult and requires custom, Tomcat specific code to change the session ID shared by the multiple applications."
Source: http://tomcat.apache.org/tomcat-7.0-doc/config/context.html
The issue is related to cookie path, and not with domain