[eluser]WanWizard[/eluser]
From an application point of view it is impossible to cater for this, since you will never know what the last request is (when it would be safe to rotate the id).
Hence the solution simply not to rotate session id's on ajax calls, but only on page requests.