I'm sure you can poke holes in this theory, but whenever I see a pretty empty forum:
https://ripple.com/forum/
Combined with the fact I don't know wtf a Ripple is, it basically means I can quite happily ignore it without worrying I'm missing out on anything important. If it had tens of thousands of posts I'd probably look into it a bit more.
I did see that question you linked to before; not sure I can help, I'm afraid, without doing some tests myself. Haven't done too much work with CORS, I'm afraid. I did do some header stuff with some work I did a while ago, and I remember it being a giant PITA to get it working as I was expecting it to with IIS.
I put a bounty on it which should get you an answer shortly anyway.
BTW, is sending user session ID via HTTP really a good idea? (Also I'm not a C# expert by any means! I just hack stuff together and it seems to work OK lol!)