Good Morning,
I have a POC application I'm writing that is using Claims Authentication / Authorization providers. It is using claims, as expected, and I even have it working with the SessionAuthenticationModule. However, when I have the application configured to write to a cookie (and load it in an IHttpModule), my AJAX calls from some combo boxes do not work. I am challenged for my Windows credentials and they do not work. Taking out the SessionAuthenticationModule lets it work just fine. So, the SessionAuthenticationModule itself is doing what it needs to in terms of storing my claims in a cookie; however, it is breaking my AJAX calls. Any ideas on what is wrong and how to fix this?
Including some relevant config:
Service config XML:
```xml
<services>
  <service name="ABCDE.ControlServices.DropdownMethods">
    <endpoint address=""
              behaviorConfiguration="ABCDE.ControlServices.DropdownMethodsAspNetAjaxBehavior"
              binding="webHttpBinding"
              bindingConfiguration="Controls_webHttp"
              contract="ABCDE.ControlServices.DropdownMethods" />
  </service>
</services>
```
Binding Configuration:
```xml
<webHttpBinding>
  <binding name="Controls_webHttp">
    <security mode="TransportCredentialOnly">
      <transport clientCredentialType="Windows" />
    </security>
  </binding>
</webHttpBinding>
```
Session Related Code (ClaimsTransformerHttpModule):
```csharp
private void Context_PostAuthenticateRequest(object sender, EventArgs e)
{
    var context = ((HttpApplication)sender).Context;

    //// No need to do another transform if we have the cookies.
    if (FederatedAuthentication.SessionAuthenticationModule != null &&
        FederatedAuthentication.SessionAuthenticationModule.ContainsSessionTokenCookie(context.Request.Cookies))
    {
        return;
    }

    var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
    if (transformer != null)
    {
        var transformedPrincipal = transformer.Authenticate(context.Request.RawUrl, context.User as ClaimsPrincipal);
        Thread.CurrentPrincipal = transformedPrincipal;
    }
}
```
Session Related Code (Claims Transformer):
```csharp
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
    if (!incomingPrincipal.Identity.IsAuthenticated)
    {
        return incomingPrincipal;
    }

    var newPrinciple = ApplyTransform(incomingPrincipal);
    CreateSession(newPrinciple);
    return base.Authenticate(resourceName, newPrinciple);
}

ClaimsPrincipal ApplyTransform(ClaimsPrincipal incomingPrincipal)
{
    .... Transform Code .....
}

private void CreateSession(ClaimsPrincipal principal)
{
    if (HttpContext.Current != null)
    {
        var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(8))
        {
            IsPersistent = false,
            IsReferenceMode = true
        };
        FederatedAuthentication.SessionAuthenticationModule.IsReferenceMode = true;
        FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sessionToken);
    }
}
```
I have tried server-side caching of the session security token (as listed above) and also without the caching, to no avail. Any advice would be most welcome.