Just to clarify, the PHPSESSID cookie was HttpOnly - I could extract the new value because I had overwritten it. Most of the cookies were set correctly (thankfully) however there was a lot of SPII stored in JS variables which I was able to get.