OK,
further research has shown that this is actually an apache bug which has been fixed in apache 2.0:
as follows from apache:
...
fix a problem with proxy where each entry of a duplicated
header such as Set-Cookie would overwrite and obliterate the
previous value of the header, resulting in multiple header
values (like cookies) going missing.
...
This is what is happening here - cookies are going missing because they are being overwritten.
For those of use running apache 1.3x and using proxy to openacs does anyone know of patch for this bug?
