Turns out whoever wrote the EULA logic in our app, which contained the above cookies, decided to use semicolon delimiters in it's value and that inadvertently ate other cookies such as the JSESSIONID. Once I removed all cookies, it seems to hold the session much better whether I was using the Admin Console or my web app. Next, I'll clean the EULA logic to avoid this going forward.
Thanks for the advice, you made my day!
[Message sent by forum member 'jameshr' (jameshr)]
http://forums.java.net/jive/thread.jspa?messageID=279608