in some cases, the server may issue session or other types of cookies without really needing to. At the same time, a single server path may have multiple alias paths that are redirected to allow migration from an old server layout to a newer one. If both of these are true, the cookie's Path attribute may be wrong for the path that Maven attempts to access. When that happens, the httpclient-based wagon will puke because of an invalid cookie.
If the cookie really isn't required, then httpclient should be configured to ignore cookies sent from the server. This configuration needs to be exposed so it can be managed from the settings.xml