Race condition leads to the situation Set-Cookie header is leaked to different connection.
vulners.com/securityvulns/securityvulns:doc:7990