after some testings I was able to find the solution, it was the HAProxy, I have changed "cookie JSESSIONID prefix" to "cookie JSESSIONID insert nocache" in the "/etc/haproxy/haproxy.cfg" to be able to login to my webmail (sqirrelmail/roundcube).
here is a documentation snippet explaining the behaivior of that particular option:
insert This keyword indicates that the persistence cookie will have to
be inserted by haproxy in server responses if the client did not
already have a cookie that would have permitted it to access this
server. When used without the "preserve" option, if the server
emits a cookie with the same name, it will be remove before
processing. For this reason, this mode can be used to upgrade
existing configurations running in the "rewrite" mode. The cookie
will only be a session cookie and will not be stored on the
client's disk. By default, unless the "indirect" option is added,
the server will see the cookies emitted by the client. Due to
caching effects, it is generally wise to add the "nocache" or
"postonly" keywords (see below). The "insert" keyword is not
compatible with "rewrite" and "prefix".
prefix This keyword indicates that instead of relying on a dedicated
cookie for the persistence, an existing one will be completed.
This may be needed in some specific environments where the client
does not support more than one single cookie and the application
already needs it. In this case, whenever the server sets a cookie
named <name>, it will be prefixed with the server's identifier
and a delimiter. The prefix will be removed from all client
requests so that the server still finds the cookie it emitted.
Since all requests and responses are subject to being modified,
this mode requires the HTTP close mode. The "prefix" keyword is
not compatible with "rewrite" and "insert".