I'm using the same environment, but, am getting "Validation of the LTPA token failed because the token expired with the following info..." whenever the session ends and the app goes after another request. I'm okay with handling it with re-authenticating from the Flex side if an error is returned, but, Websphere doesn't return a real response...have you seen this?
I had a problem like this with cross-domain cookies.
Sorry I didn't read all the thread but the "Duplicate Session" is when the JSESSIONID cookie is not accepted by the browser.
I did what this blog says and it worked for me in safari.
A little bit of jquery and worked like a charm...
Europe, Middle East and Africa