Hello Dan,
Unfortunately, the problem seems widespread.
The client tries various techniques to reach the Server, but all of them seem to be unavailable, each one for a different reason.

The main hurdle is that normal XHR requests do not seem to be available to our library.
This is the usual way the client performs the initial request to open a new session.
In your case, the client has to resort to a jsonp request, but then it seems that it cannot see the Server response.
Usually, the jsonp technique works with any user-agent, but probably your app poses additional restrictions.

To summarize:
  1. In your environment some transports are not available to the library.
    It is possible that the limitation is in our library and that it needs explicit support for this environment, since it cannot be recognized as a browser.
    Your requirement of cookie handling worsens the situation by posing additional constraints.
    Can you confirm that cookie handling is needed?
    BTW, when you test with the non-production environment, is setCookieHandlingRequired(true) still invoked?
    It would be interesting to perform a test in which you can remove this setting.
  2. The use of jsonp fails.
    Do you set restrictions like "Content-Security-Policy"?
    Do you have anything equivalent to the browser console where you can check if errors due to disallowed access are found in the responses?
    Moreover, is it possible for you to use a more recent Web SDK?
    This would make the investigation easier. However, this would also require the use of a more recent Server.