Posted this on Stack Overflow earlier today here:
http://stackoverflow.com/questions/13673969/rails-3-2-session-id-nil-until-next-request,
I really either don’t know what I’m doing, or I don’t understand how
sessions are supposed to work!
I’m connecting to Rails from an Air app and communicating with JSON
only.
When the client sends a login request, the server makes sure the
username & password match, then it does session[:user_id] = user.id,
creating the session. But before I send back the login response,
request.session_options[:id] is nil, so I seem to have no way of telling
the client what his session id is.
I did manage to get the CSRF token sent with the login response, which
the client sends on subsequent requests. On these subsequent requests,
the session id is actually found in request.session_options[:id], so it
must be working, just not in the order I expected.
So maybe I’m misunderstanding how this is supposed to work.
Is the act of the client sending along the CSRF token good enough to
validate the session? All my old Rails 2.3 code had me passing the
actual session id to the client (and no mention of a CSRF token
anywhere), so I’m just wondering if this is just how it’s done now in
Rails 3.2? If I should still be relying on the session id, how can I
send the session id to the client with the login response at the time
the session is created?
Thanks for taking a look and offering any explanation, this has been a
brick wall pretty much the whole day and I’d like to keep working on the
actual app writing again 8)