Rails - Nov 2005 - Sessions w/o cookies still broken

Supporting sessions without cookies is still broken in Rails.

One can add the _session_id to each link using something like this:

class ActionController::Base
   def default_url_options(options)
     { ''_session_id'' => session.session_id }
   end
end


BUT the problem is that doesn''t work when you have an upload form  
(because of a bug in Rails/CGI.rb).

See this ticket: http://dev.rubyonrails.com/ticket/210


Does anyone know how to fix for this? I really wish I could support  
users without cookies in my upcoming commercial application, but it''s  
just not possible, because of that bug (and I''ve been trying to find  
a solution for this for over two weeks now).

I looked into the code, but I don''t understand it so very well,
it''s
confusing for me, so I didn''t manage to fix it myself.

I really think it would be a good idea if Rails had this fixed this  
for 1.0. Not every programmer has the freedom to just block users  
that accept no cookies. I wish I did, but I must support them.



Robert

I guess no one cares about users that have cookies disabled =)


Maybe someone can help me with this one: I tried recreating the  
session object myself, like this:

before_filter :recreate_session
def recreate_session
	session = CGI::Session.new(CGI.new, :session_id => params 
[:_session_id]) if(params[:_session_id])
end


That doesn''t seem to work though. It creates a new session instead of  
the one with the params[:_session_id]

Does anyone know how I can get that to work? If I at least can get  
this hack to work, then I finally can use Rails in production.




Rob

Nevermind! Matthew seems to have found a fix

He will post it when he has the time

Check the ticket

Rob