That’s a side effect of how the web browsers handle the session cookie. The browser cookie manager stores the JSESSIONID cookie using only the hostname (the port doesn’t matter). So in your step #2, the JSESSIONID cookie for that session overwrites the same from step #1.
The only way I know of to workaround the issue would be to use a different hostname for each session.
For example, open two sessions with two different hostnames in the address: