My application responds to a URL along the lines of http://myapp/xxxx
where routes.rb determines that xxxx is not an action but an affiliate
code from a referral from another site. The affiliate is validated
and then the browser is redirected to the ‘new’ action.
reset_session # we should not have any session data set if we
reach here which we will have if we are testing!
affiliate = params[:affiliate] # this is parsed by routes.rb
session[:affiliate_name] = affiliate
log.info ‘Invalid affiliate’
redirect_to :action => ‘new’
when I try to access the session data in the ‘new’ action to pre-
populate the object with the validated affiliate name, my session data
is not there. All I have is _csrf_token which suggests that I never
wrote the session in the affiliate action or didn’t send the cookie on
The response I get is:
Does a 302 not send a cookie back to the browser and therefore the
‘new’ action is the first action to use the session and just creates a
Alternatives? Well I can get it working by passing the affiliate as
part of the url to the ‘new’ action but this then means the url looks
messy, and it could be easily modified so I would have to revalidate
the affiliate all over again.