Sessions w/o cookies still broken

Supporting sessions without cookies is still broken in Rails.

One can add the _session_id to each link using something like this:

class ActionController::Base
def default_url_options(options)
{ ‘_session_id’ => session.session_id }

BUT the problem is that doesn’t work when you have an upload form
(because of a bug in Rails/CGI.rb).

See this ticket:

Does anyone know how to fix for this? I really wish I could support
users without cookies in my upcoming commercial application, but it’s
just not possible, because of that bug (and I’ve been trying to find
a solution for this for over two weeks now).

I looked into the code, but I don’t understand it so very well, it’s
confusing for me, so I didn’t manage to fix it myself.

I really think it would be a good idea if Rails had this fixed this
for 1.0. Not every programmer has the freedom to just block users
that accept no cookies. I wish I did, but I must support them.


I guess no one cares about users that have cookies disabled =)

Maybe someone can help me with this one: I tried recreating the
session object myself, like this:

before_filter :recreate_session
def recreate_session
session =, :session_id => params
[:_session_id]) if(params[:_session_id])

That doesn’t seem to work though. It creates a new session instead of
the one with the params[:_session_id]

Does anyone know how I can get that to work? If I at least can get
this hack to work, then I finally can use Rails in production.


Nevermind! Matthew seems to have found a fix

He will post it when he has the time

Check the ticket


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs