Sessions w/o cookies still broken


#1

Supporting sessions without cookies is still broken in Rails.

One can add the _session_id to each link using something like this:

class ActionController::Base
def default_url_options(options)
{ ‘_session_id’ => session.session_id }
end
end

BUT the problem is that doesn’t work when you have an upload form
(because of a bug in Rails/CGI.rb).

See this ticket: http://dev.rubyonrails.com/ticket/210

Does anyone know how to fix for this? I really wish I could support
users without cookies in my upcoming commercial application, but it’s
just not possible, because of that bug (and I’ve been trying to find
a solution for this for over two weeks now).

I looked into the code, but I don’t understand it so very well, it’s
confusing for me, so I didn’t manage to fix it myself.

I really think it would be a good idea if Rails had this fixed this
for 1.0. Not every programmer has the freedom to just block users
that accept no cookies. I wish I did, but I must support them.

Robert


#2

I guess no one cares about users that have cookies disabled =)

Maybe someone can help me with this one: I tried recreating the
session object myself, like this:

before_filter :recreate_session
def recreate_session
session = CGI::Session.new(CGI.new, :session_id => params
[:_session_id]) if(params[:_session_id])
end

That doesn’t seem to work though. It creates a new session instead of
the one with the params[:_session_id]

Does anyone know how I can get that to work? If I at least can get
this hack to work, then I finally can use Rails in production.

Rob


#3

Nevermind! Matthew seems to have found a fix

He will post it when he has the time

Check the ticket

Rob