The issue was with the jQuery calls – it seems since 1.5 withCredentials should be specified as:
$.ajax("http://localhost:3000/users/current", {
type: "GET",
contentType: "application/json; charset=utf-8",
success: function(data, status, xhr) {
hideAllContent();
$("#sign_out_menu_item").show();
$("#sign_in_menu_item").hide();
$("#welcome").text("Welcome " + data["username"] + "!");
$("#welcome").show();
},
xhrFields: {
withCredentials: true
},
crossDomain: true
});