CORS request - why are the cookies not sent?
The issue was with the jQuery calls - it seems since 1.5 withCredentials should be specified as:
$.ajax("http://localhost:3000/users/current", { type: "GET", contentType: "application/json; charset=utf-8", success: function(data, status, xhr) { hideAllContent(); $("#sign_out_menu_item").show(); $("#sign_in_menu_item").hide(); $("#welcome").text("Welcome " + data["username"] + "!"); $("#welcome").show(); }, xhrFields: { withCredentials: true }, crossDomain: true });