Hi, I trying to make the sessions in my rails app independent of the availability of cookies at the client side. In order to achieve this i am using a plugin *, that adds _session_id to the querystring by adding it to all rendered urls, and adding a hidden input field with the session_id to all forms. This url and form rewriting is working great, also for the ajax links generated by link_to_remote. A bit tricky is to get rails to recognize this param as the session_id, according to a recent rails security update mail **, i have to set cookie_only to false. The description in the mail doesn''t work, but setting session_options[:cookie_only]=false in application.rb does the job though. And for the non-ajax version of my site, the session is working as hoped. The problem is when i try the same thing with javascript enabled, using ajax requests, then rails doesn''t recognise my _session_id param in the as the session_id. I can see the param is there, but rails just ignores it and assigns a new session_id. If anyone would has an idea what difference between a html request and an ajax request causes this problem, then that would be great. Thanks, Martijn * http://wiki.rubyonrails.org/rails/pages/Hidden+Field+Session** ** http://groups.google.com/group/rubyonrails-security/browse_thread/thread/239b034f4f808834?hl=en -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---