Ajaxian » Troubles with Asynchronous Ajax Requests and PHP Sessions. Links to Marc Wandschneider's post explaining why you need to think about about possible race conditions with session data when using Ajax. Via Keith Gaughan, who posts some good comments on the Ajaxian thread about causes and possible solutions.
In short, server-side technologies like PHP don't let you lock access to your session across requests. So, you can A. try to do some complicated locking of your own on the server. B. store the critical session data in a MySQL RAM table (or some other equivalent) which AFAIK will handle the locking for you (of course, you're still not safe in this case unless you're careful). C. give the client knowledge of what changes the session state on a server that could lead to a race condition, and make sure those requests are serialized (i.e. get a response from the server before sending the next request).
Update: Harry Fuecks has a follow-up article on this.
I hate ASP.NET
I hate ASP... I was doing wonderswith PHP, then suddenly one of myclients...
Johnies: Mar 17, 6:14am