I think you would need to have the last unknown character at the start of the next cipher block as you would need to control the content of the cipher block directly after that.
The idea is that if you force the browser to produce the ciphertext of a block like "kie: sessionid=f", where the first 15 characters are already known, then you don't have to try many candidate plaintext blocks through your adaptive-chosen-plaintext oracle to find that unknown 16th character.
