[eluser]slowgary[/eluser]
CroNiX,
Thanks for your reply. I have seen this proposed solution, but it is inadequate. AJAX requests transport cookies both ways between client and server, and thus are not truly any different than any other request. The reason that they SEEM to be the problem is that they are commonly issued concurrently.
Indeed, ANY CONCURRENT REQUESTS are capable of creating this scenario. If you read it carefully, you'll see that it has nothing to do with the type of request, but is caused by the fact that the first request causes the session ID regeneration while the second has already left the client with the old session ID.
This problem could just as easily plague an application that serves images via a controller, since the client will request those images concurrently.
