When I make a request locally, I have no problems at all maintaining my FlexSession; however, when I make a request from another computer, it creates duplicate FlexSession for every request. I noticed the JSESSIONID is different for each request which is what's probably causing the duped sessions.

But I have no idea why this is happening. The specific error I get is:

Channel.Ping.Failed error Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly.

My crossdomain.xml is as follows:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="*" secure="false"/>
    <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>

EDIT:

We are using spring-flex integration on the backend. Also, this happens in multiple browsers; we tried IE, Firefox, and Chrome.

Here's the Flex code:

var ro : RemoteObject = new RemoteObject("myDestination");
ro.endpoint = "http://localhost/foo";
ro.source = "com.bar.MyService";

var op : AbstractOperation = ro.getOperation("serviceMethod");
op.addEventListener( FaultEvent.FAULT, ro_faultHandler );
op.addEventListener( ResultEvent.RESULT, ro_resultHandler );
op.send();