
I have a scenario as below:

  1. On the browser I open a website in which, after getting authenticated with the system (i.e. access.abc.com), I get a cookie and set it on the client, i.e. connect.sid with domain .abc.com

  2. On the same browser I open another website, i.e. xyz.abc.com, that also generates a session cookie (after getting authenticated from the same, i.e. access.abc.com) with the same name but with a different domain, xyz.abc.com (basically this is what this website sets)

Now if I send a request to any API on xyz.abc.com, I see 2 connect.sid cookies going.

My question is: which cookie will be picked by express-session of access.abc.com when xyz.abc.com sends a request?

Below is the setting for express session at access.abc.com:

```javascript
var expressSession = require('express-session');
var config = require('./config'); // assumed: holds session_redis.host and session_redis.port
var RedisStore = require('connect-redis')(expressSession);
var session = expressSession({
  key: 'connect.sid',                  // cookie name (older option name; newer versions call it `name`)
  store: new RedisStore({
    host: config.session_redis.host,
    port: config.session_redis.port,
    ttl: 2*24*60*60 // in secs
  }),
  resave: false,
  saveUninitialized: false,
  secret: '234567',
  cookie: {
    domain: '.abc.com',                // browser sends this cookie to every host under abc.com
    maxAge: 2*24*60*60*1000 // in ms
  }
});
```
Mozak

1 Answer

> My question is which cookie will be picked by express-session of access.abc.com when xyz.abc.com send a request?

Looking at the code, I think that it will pick the one in the first Cookie header it encounters in the request headers, so the question becomes "which cookie will the browser put in the headers first?" (which I can't answer because I have no idea).

robertklep
  • Thanks robertklep for replying. So suppose the cookie that has xyz.abc.com as domain is set by the browser in the header and that is what is received by access.paytm.com; will it be processed, as the domain is different, i.e. xyz.paytm.com and not .paytm.com? – Mozak Jul 21 '16 at 08:45
  • The domain isn't different (that's both `paytm.com`), just the hostname. If you set a cookie for the domain, it will be sent for all hostnames in that domain, regardless of which host actually set the cookie (so a cookie for `.paytm.com` will be sent for both `access.paytm.com` and `xyz.paytm.com`). – robertklep Jul 21 '16 at 08:53
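As an added example (not code from the question, the answer, or express-session itself), the block below re-implements the first-occurrence rule of the `cookie` header parser that express-session relies on, so you can see which of two same-named connect.sid values in a single Cookie header wins, and it also counts the duplicates so a server can detect the ambiguous case instead of silently guessing. The header value and session ids are constructed, and the parser is a simplified stand-in for the real package (an assumption about its behaviour, not its code).

```javascript
'use strict';

// Parse a Cookie request header into a name -> value map.
// Assumption: like the `cookie` package's parse(), when a name appears more
// than once the FIRST occurrence is kept and later ones are ignored.
function parseCookieHeader(header) {
  const out = {};
  for (const part of header.split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;                       // skip malformed fragments
    const name = part.slice(0, idx).trim();
    let value = part.slice(idx + 1).trim();
    if (value.startsWith('"') && value.endsWith('"')) value = value.slice(1, -1);
    if (out[name] === undefined) out[name] = decodeURIComponent(value);
  }
  return out;
}

// Return every raw value sent under `name`, in header order, so the server
// can notice that the browser sent more than one connect.sid.
function allValuesFor(header, name) {
  return header.split(';')
    .map(p => p.trim())
    .filter(p => p.startsWith(name + '='))
    .map(p => p.slice(name.length + 1));
}

// What express-session would end up using as the session cookie value
// (before it strips the 's:' prefix and verifies the signature).
function pickedSessionId(header) {
  return parseCookieHeader(header)['connect.sid'];
}

// True when the request is ambiguous: two cookies named connect.sid arrived.
function hasAmbiguousSessionCookie(header) {
  return allValuesFor(header, 'connect.sid').length > 1;
}

// Constructed header: one cookie scoped to .abc.com, one to xyz.abc.com.
// Browsers merge both into one Cookie header; the order is browser-dependent
// (RFC 6265 sorts by path length, then creation time), so the winner is not
// something the server can control.
const exampleHeader = 'connect.sid=s%3Afrom-parent-domain; connect.sid=s%3Afrom-xyz-host';

console.log(pickedSessionId(exampleHeader));          // s:from-parent-domain
console.log(hasAmbiguousSessionCookie(exampleHeader)); // true
```

A middleware that checks `hasAmbiguousSessionCookie(req.headers.cookie)` before express-session runs can reject or log such requests, which is the practical way to avoid one host's session silently being used for another.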