in specs there is "withCredentials" property for newer XMLHttpRequest
implementations which is exactly for maintaining session/authorization
during ajax calls,
see e..g discussion:
https://developer.mozilla.org/en/HTTP_access_control#Requests_with_credentials
It is available as property on XHR created with Chrome, so you could
investigate that topic (i.e. what is Chrome client implementation of
that feature of XHR) a little further (I'm interested in that subject
as well so could help with digging that topic a little further),
regards,
Peter