Unfortunately that hasn't solved the issue. What I have discovered though is that if I try to expand the content tree items quick enough before the preview pane loads on the right it works. But consequent attempts afterwards then 500 error. What I think must be happening is the CSRF cookie is being set but then something is causing the ViewState hidden field to be regenerated causing them to mismatch.
I've got no idea how to find out what could be causing this though.