Solution to session data loss when using AJAX

[eluser]Chillahan[/eluser]
Guys, I too am confused by this. Some questions:

a) The initial fix here would fix the race condition, right, because as long as they're all AJAX requests that are racing one another, then the session will never update the id, and all will be good. So I am confused why this does not work for slowgary (unless his issue is with regular requests racing, not just AJAX).

b) I experimented with CSRF library (see post URL below). There, it implicitly trusts cookie if set, and does not regenerate key. But once the cookie expires, there is still a problem.

http://ellislab.com/forums/viewthread/189915/

c) To expand on above, I don't get WHY there is a problem (with CSRF or with Session), because when I set my own cookie, I can see it being created in the browser's cookie list in real-time! I.e., I fire an AJAX request, the controller sets a cookie using the cookie helper (which is same as input setter), and I see the cookie appear, and all this is while the JavaScript is timing out for 10 seconds so that I can be sure nothing else happens before cookie appears.

To me it seems there must be some underlying way the cookie is being set by CI in the Session and CSRF that is somehow different, or something in the order of preparation of the return, but I haven't looked into it and cannot imagine what would differ. But doesn't it seem that both the Session and CSRF issues could be fixed with AJAX if the underlying code in each simply set the cookie in a way that works like the way it works when I set it manually during an AJAX request?

Or are there differences in cookie availability during AJAX requests among browsers/platforms that make the setting of a cookie during such request unreliable as a whole, and thus a nonstarter?