OK. I've just found.
The session_id is added by redirect_header() in the core.
Thus, I have to modify the hack like this:
line 590 in include/autologin_main.php
// RMV-NOTIFY
// Perform some maintenance of notification records
$notification_handler =& xoops_gethandler('notification');
$notification_handler->doLoginMaintenance($user->getVar('uid'));
$_COOKIE[ session_name() ] = session_id() ;
redirect_header($url, 1, sprintf(_US_LOGGINGU, $user->getVar('uname')));
} else {
The archive will be updated tomorrow.
Thank you for reporting, jseymour!