HAHA! I finally fixed it after all these years!
In the Application_PreRequestHandlerExecute method of FlashGateway.Controller.GatewayController:IHttpModule, it calls context.Items.Clear() on the HttpContext object, which inadvertently removes two ASP.NET session variables along with the two flash-remoting-related variables.
The workaround is to get rid of the Items.Clear call (assuming you've reverse engineered the source code like I have for customization and cutting out the irritating licensing module), and replace it with calls to Items.Remove for the following items:
"flash.result" {FlashGateway.IO.ASObject}
"flash.parameters" {System.Collections.ArrayList}
Doing so preserves these items:
"AspSessionIDManagerInitializeRequestCalled" (true)
"AspSession" {System.Web.SessionState.HttpSessionState}
By preserving those items, when HttpApplication.CompleteRequest is called and execution jumps to the EndRequest method, the System.Web.SessionState.SessionIDManager.CheckInitializeRequestCalled method (called from the SessionIDManager.GetSessionID method and a few others up the stack) won't bomb when it sees that the "AspSessionIDManagerInitializeRequestCalled" item is nowhere to be found.
The previously posted workaround using a custom session id manager only shows the Validate and CreateSessionID methods being overridden, but given what I've learned, it will only solve the problem if the GetSessionID method is overridden as well.
It's about time!
P.S. (always use application.CompleteRequest rather than response.End to avoid thread abort exceptions)