Session token changes with cross-domain access

[BillyBooBob]

I set up the Apache ProxyPass / ProxyPassReverse in order to access my webApp on :80, but I found that requests reaching the webApp are assigned a new token on each and every call when accessed from within a web page and self.response.allowedOrigins is utilized (being necessary for the cross-domain access). This does not happen if the call is accessed directly in a browser via direct URL (avoiding cross-domain/allowedOrigins activity).

If needed, I can provide a simple project and setup instructions that demonstrates this.