Multiple csrf cookies - why?

Running and EE5 site thru a high traffic caching server. The server admin tells me that one cookie is declared twice and causes a conflict which complicates caching. He’s since put in a workaround but is curious (for future reference) to know why there are two instances of the following cookie.

Set-Cookie: exp_csrf_token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly

Set-Cookie: exp_csrf_token= 852215e8829b1bvd2wa6fh4c; expires=Thu, 03-Jan-2019 07:34:04 GMT; path=/; httponly

We’re guessing that the first instance kills any old versions that may be lurking in the user’s browser and the second one starts afresh.