[eluser]jonez[/eluser]
[quote author="ben.nsng" date="1383708860"]
For develop branch, CI provides two ways to store session, session_cookie (database) and session_native (local).[/quote]
Both posts above are fixes for version 2.x, not version 3 (dev branch). The session library is now a driver so neither of those will work. Not touching the session if the call is done via AJAX isn't really a fix, all it does is delay the inevitable and creates additional security concerns.
As you mentioned, in CI3 the AJAX bug still exists in the cookie/DB session drivers. It is not present in the native PHP session driver, using the native driver will correctly keep a user signed in as long as they make AJAX calls.
That leaves you with two options, find a way to make native sessions work in your cluster or see if you can fix the long standing bug in the cookie driver. I'd lean towards option #1 since the AJAX session bug has been present for a long time and I assume if it was an easy fix it would have been done long ago.
