I'm not sure if this can have a negative effect, but I think you should not specify the content type. Also, did you include the Session keyword in the sessionId (example: "Session somesessionID")? Maybe something like this would work?
Http h = new Http();
HttpRequest req = new HttpRequest();
req.setHeader('Authorization', 'Session' + ' ' + sessionId);
HttpResponse response = h.send(req);
I hope this helps.