Issue 1: Unique session IDs
If you use the Rails generator to generate a new app for you with a given name, it will automatically generate a unique cookie session ID for you in the /config/initializers/session_store.rb file, which breaks this gem's method of generically calling it _session_id.
This quick fix will allow it to always use the session ID that Rails knows about:
Issue 2: Remember cookies
Another issue I had was that we use cookies for when users check a "Keep me logged in" box during login, and these cookies are stored as "remember_token". If this does not get passed in, the server cannot validate those users and this process fails.
I would recommend adding an option to allow them to pass in a param called "remember_token", since this is a pretty widely used design practice and you're likely to run into this often.
You would then have to build up the HTTP_COOKIE object to include both the session ID as well as this remember token.
This is kind of ugly, but hopefully you understand it and it works for both scenarios, where the user has a remember token or where they don't:
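    def call(env)
      # Only rebuild the Cookie header for requests sent by the Flash player.
      if env['HTTP_USER_AGENT'] =~ /^(Adobe|Shockwave) Flash/
        req = Rack::Request.new(env)
        # Each pair is nil when its param is absent from the request.
        the_session_key = [ @session_key, req.params[@session_key] ].join('=').freeze if req.params[@session_key]
        the_remember_token = [ 'remember_token', req.params['remember_token'] ].join('=').freeze if req.params['remember_token']
        # compact drops a missing pair so the header never starts with a stray ';'.
        cookie_with_remember_token_and_session_key = [ the_remember_token, the_session_key ].compact.join(';').freeze
        # Leave the existing header alone when neither param was supplied.
        env['HTTP_COOKIE'] = cookie_with_remember_token_and_session_key unless cookie_with_remember_token_and_session_key.empty?
        env['HTTP_ACCEPT'] = "#{req.params['_http_accept']}".freeze if req.params['_http_accept']
      end
      @app.call(env)
    end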