Thanks! It’s what I suspected.
Your server returns the following response for /panel/login:
It should look similar to this though:
As you can see, your server doesn’t send the Set-Cookie header, which is why the session is regenerated on every request (if the client doesn’t have the cookie, it can’t send it back with the next request).
Unfortunately, this is something that is very hard for us to debug as we don’t know the specifics of the 1&1 server setup. Please get in touch with their support team about this. I hope they can tell you more. 