Notes regarding AJAX post requests being logged out on Rails. Seems the problem is not adding the CSRF data.
The problem was that AJAX post requests resulted in a redirect to the login page. Further inspection showed the cookie was being passed, but the session on server was empty. Rails wasn’t getting the correct CSRF value and as a result, resetting the session data.
This StackOverflow post has some useful info Rails not reloading session on ajax post.
This lead to a post by Jason Weathered CSRF vulnerability in Ruby on Rails 2.3.10 & 3.0.3.
Which ended up at the jQuery UJS project. Installing this fixed the problem!