Forum: Ruby on Rails Sessions w/o cookies still broken

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
mannl (Guest)
on 2005-11-14 00:50
(Received via mailing list)
Supporting sessions without cookies is still broken in Rails.

One can add the _session_id to each link using something like this:

class ActionController::Base
   def default_url_options(options)
     { '_session_id' => session.session_id }
   end
end


BUT the problem is that doesn't work when you have an upload form
(because of a bug in Rails/CGI.rb).

See this ticket: http://dev.rubyonrails.com/ticket/210


Does anyone know how to fix for this? I really wish I could support
users without cookies in my upcoming commercial application, but it's
just not possible, because of that bug (and I've been trying to find
a solution for this for over two weeks now).

I looked into the code, but I don't understand it so very well, it's
confusing for me, so I didn't manage to fix it myself.

I really think it would be a good idea if Rails had this fixed this
for 1.0. Not every programmer has the freedom to just block users
that accept no cookies. I wish I did, but I must support them.



Robert
mannl (Guest)
on 2005-11-14 12:08
(Received via mailing list)
I guess no one cares about users that have cookies disabled =)


Maybe someone can help me with this one: I tried recreating the
session object myself, like this:

before_filter :recreate_session
def recreate_session
	session = CGI::Session.new(CGI.new, :session_id => params
[:_session_id]) if(params[:_session_id])
end


That doesn't seem to work though. It creates a new session instead of
the one with the params[:_session_id]

Does anyone know how I can get that to work? If I at least can get
this hack to work, then I finally can use Rails in production.




Rob
mannl (Guest)
on 2005-11-14 12:12
(Received via mailing list)
Nevermind! Matthew seems to have found a fix

He will post it when he has the time

Check the ticket

Rob
This topic is locked and can not be replied to.