You have a client sending cookies with values that are not properly quoted.
The problem with browsers is that they have never all been trustworthy enough to follow the cookie spec consistently, completely, and (possibly most importantly) concurrently. That is, each browser does whatever the heck it wants with cookie values, quoting, etc., they occasionally change their own rules and follow various versions of the specifications, and they generally never agree with each other.
The cookie spec has largely failed due to a number of factors not the least of which is backward-compatibility. We are in a situation where it will probably be broken forever.
The bottom line is that you cannot trust a web browser with a cookie value with anything "odd" in it. "Odd" is defined as anything other than [A-Za-z0-9]+ plus a few punctuation characters. Sorry, that's just the reality of the situation.
So, what do you do about it?
Easy: encode your cookie values so that they are always in a format which matches [A-Za-z0-9]+ plus those few punctuation characters. A popular encoding is base64. Simply encode all your cookie values in base64 and you'll find that most if not all your cookie-problems go away. Base64-encoded values never need quoting, so if the browser quotes the value, great... if not, it's no problem.
There is an exhaustive answer here with an explanation of "how we got here". Above is just the result of all that history.
