Session cookies are generated server side and should always be secure and encrypted and therefore bound to that server. A session cookie created on one server will not be recognised (or be able to be decrypted) on another server. That would be insecure as hell!
If you’re talking about unencrypted, client-side generated cookies (which in my view are not session cookies) then I can’t help as I’ve never actually used them.
Or have I misunderstood your issue?
(edit)
Can I confirm that your other iframes (not the anvil one) are on a webserver that has something like a PHP back end? I guess what I’m getting at is how are the non-anvil cookies/sessions being created?