Adding some details...
1. We have SSO with another domain facilitated by a cookie provider. When logging into the other domain first (primary.com) then clicking a link from primary.com to the secondary domain (secondary.com), we are able to access resources on secondary.com server a until we make a call to secondary.com server b. We use TAI to enable communication between server a and server b. When we make a call to server b we receive two SMSESSION cookies as the image shows above for the secondary.com domain. One is persistent, one is transient.
2. Taking primary.com out of the picture entirely, if I call secondary.com and server b behind secondary.com, I see what is shown in the screenshot as well.
3. If I shut down server b on secondary.com and don't authenticate to primary.com, and call a garbage URL (secondary.com/contextroot/garbage.html), I only receive the single transient cookie.
For scenario 1, the real issue is that when we get two SMSESSION cookies back, IE doesn't send either one when server a behind secondary.com is called, resulting in a prompt for the user to log in when the cookie provider determines it doesn't know who they are.
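
One way to inspect a captured response for the duplicate described above, as an added example that is not part of the original post: it groups `Set-Cookie` headers by name and reports whether the copies differ in lifetime (persistent vs. transient) or in Domain/Path scope. The header values, attributes and expiry date are constructed placeholders.

```python
# Constructed sample: Set-Cookie values from a single response.
# Values, attributes and dates are placeholders, not taken from the post.
SAMPLE_SET_COOKIE = [
    "SMSESSION=AAAA-placeholder; Path=/; Domain=.secondary.com",
    "SMSESSION=BBBB-placeholder; Path=/; Domain=.secondary.com; "
    "Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "JSESSIONID=CCCC-placeholder; Path=/contextroot",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into name, scope and lifetime."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    # A cookie with Expires or Max-Age is persistent; otherwise it is transient.
    persistent = "expires" in attrs or "max-age" in attrs
    return {
        "name": name.strip(),
        "domain": attrs.get("domain", "").lstrip(".").lower(),  # "" = host-only
        "path": attrs.get("path", ""),
        "lifetime": "persistent" if persistent else "transient",
    }

def duplicate_cookies(headers):
    """Return {name: [cookies]} for names set more than once in one response."""
    by_name = {}
    for header in headers:
        cookie = parse_set_cookie(header)
        by_name.setdefault(cookie["name"], []).append(cookie)
    return {n: cs for n, cs in by_name.items() if len(cs) > 1}

def describe(headers):
    """One summary line per duplicated cookie name."""
    lines = []
    for name, cs in sorted(duplicate_cookies(headers).items()):
        scopes = {(c["domain"], c["path"]) for c in cs}
        lifetimes = sorted(c["lifetime"] for c in cs)
        scope = "same scope" if len(scopes) == 1 else "different scopes"
        lines.append(f"{name}: {len(cs)} copies, lifetimes={lifetimes}, {scope}")
    return lines

if __name__ == "__main__":
    print("\n".join(describe(SAMPLE_SET_COOKIE)))
```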