I am wondering if anyone can help me. I’ve come across a bit of a sticky
problem. I’m currently running a Facebook application which takes
payment from users. In order to take payment securely we’ve had to break
out of our app: http://apps.facebook.com/ to
https://facebook.ourapplication.com/payments/create for example.
Once the payment is created and there’s no need for https anymore we
push the user back into Facebook to continue using the app. Ideally we’d
do everything inside Facebook but that isn’t possible. Unfortunately
this means we’re generating flash messages on the secure pages and
redirecting to a different domain which means our flashes don’t travel
across both domains, and we get no flash message on return. Equally when
we return to the payment page a second time the confirmation flash
appears as it’s the first hit on the original domain since we stored the
flash. This all makes sense, but we need a workaround.
Is there any way to store session data and maintain state other than in
cookies? Do you still require cookies even if you use
ActionRecord::SessionStore? I was under the impression some other unique
identifier could be determined from your browser build, time of first
page access or something, OS and stored along with the session data in
the database rather than a unique identifier stored in a cookie. This
might be me being deluded however and be utter rubbish.
Any ideas on how to solve this problem?