Forum: Ruby on Rails Sessions w/o cookies still broken

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
mannl (Guest)
on 2005-11-14 00:50
(Received via mailing list)
Supporting sessions without cookies is still broken in Rails.

One can add the _session_id to each link using something like this:

class ActionController::Base
   def default_url_options(options)
     { '_session_id' => session.session_id }

BUT the problem is that doesn't work when you have an upload form
(because of a bug in Rails/CGI.rb).

See this ticket:

Does anyone know how to fix for this? I really wish I could support
users without cookies in my upcoming commercial application, but it's
just not possible, because of that bug (and I've been trying to find
a solution for this for over two weeks now).

I looked into the code, but I don't understand it so very well, it's
confusing for me, so I didn't manage to fix it myself.

I really think it would be a good idea if Rails had this fixed this
for 1.0. Not every programmer has the freedom to just block users
that accept no cookies. I wish I did, but I must support them.

mannl (Guest)
on 2005-11-14 12:08
(Received via mailing list)
I guess no one cares about users that have cookies disabled =)

Maybe someone can help me with this one: I tried recreating the
session object myself, like this:

before_filter :recreate_session
def recreate_session
	session =, :session_id => params
[:_session_id]) if(params[:_session_id])

That doesn't seem to work though. It creates a new session instead of
the one with the params[:_session_id]

Does anyone know how I can get that to work? If I at least can get
this hack to work, then I finally can use Rails in production.

mannl (Guest)
on 2005-11-14 12:12
(Received via mailing list)
Nevermind! Matthew seems to have found a fix

He will post it when he has the time

Check the ticket

This topic is locked and can not be replied to.